Microsoft now allows you to remove passwords from Microsoft accounts to embrace a password-less future. Starting today, the software giant will allow consumers to sign in to Microsoft accounts with its Microsoft Authenticator app, Windows Hello, a security key or SMS / email verification code instead of a password.
The new option comes just months after Microsoft began rolling out passwordless authentication for business users in March to help people adjust to the realities of remote work. “When I think of security, I think you have to protect your whole life,” says Vasu Jakkal, vice president of security, compliance and identity at Microsoft, in an interview with The edge. “It is no longer enough to think about work or home and everything in between. “
Microsoft has been working towards a password-less future for years, and the pandemic has only accelerated things. “When you have a digital transformation and businesses have to move away overnight… the number of digital surfaces has grown exponentially,” says Jakkal. “The number of attack surfaces has grown exponentially, which has been a key factor for us in accelerating many of our security initiatives. ”
Today is a major milestone for Microsoft’s password-less ambitions, after the company enabled security keys in 2018 and made Windows 10 password-less in 2019. “We have deployed this at Microsoft and near 100% of Microsoft is now password-less, ”says Jakkal. More than 200 million people are already using password-less options, and Jakkal is optimistic about consumer adoption.
It is also a relatively simple process to remove your password. The Microsoft Authenticator mobile app must be installed and linked to your personal Microsoft account. Once this is done, you can visit account.microsoft.com and choose advanced security options, then enable accounts without password in the Additional security section. You then approve the change from your Authenticator application and you will no longer have a password. You can always undo the change and add a password to your Microsoft account in the future.
The advantages of passwordless authentication are very clear. Most people create their own passwords, and it’s often a challenge to create something secure and memorable without resorting to a password manager. People often reuse their passwords as well, allowing attackers to quickly log into a variety of compromised accounts after a particular organization has been targeted and the passwords have been flushed.
Google, Apple and others are also struggling to rely less on passwords. Google Chrome lets you log in without a password, and Apple’s iOS 15 and macOS Monterey updates include a Passkeys in iCloud Keychain feature, an attempt to replace passwords with a more secure login process.
Update, September 15, 10:40 a.m.ET: Article updated to clarify the passwordless options currently in use today.