Microsoft now lets you remove passwords from Microsoft accounts to embrace a passwordless future. Starting today, the software giant will let consumers sign into Microsoft accounts with its Microsoft Authenticator app, Windows Hello, a security key or an SMS/email verification code instead of a password.
The new option comes just months after Microsoft began rolling out passwordless authentication to commercial users in March to help people adapt to the realities of remote working. “When I think about security, I think you need to protect your whole life,” said Vasu Jakkal, corporate vice president of Microsoft Security, Compliance & Identity, in an interview with The edge. “It’s no longer enough to just think about work or home and everything in between.”
Microsoft has been working on a passwordless future for years, and the pandemic has only accelerated things. “When you have digital transformation and companies have to work remotely overnight… the number of digital surfaces has grown exponentially,” explains Jakkal. “The number of attack surfaces has grown exponentially, so that was a big driver for us in accelerating many of our security initiatives.”
Today marks a major milestone for Microsoft’s passwordless ambitions, after the company enabled security keys in 2018 and made Windows 10 passwordless in 2019. “We rolled this out at Microsoft and nearly 100 percent of Microsoft is now passwordless,” says Jakkal. More than 200 million people are already using passwordless options, and Jakkal is optimistic about consumer adoption.
It is also a relatively easy process to remove your password. You must have the Microsoft Authenticator mobile app installed and associated with your personal Microsoft account. Once that’s done, you can go to account.microsoft.com and choose advanced security options and then enable passwordless accounts in the additional security section. Then you approve the change from your Authenticator app and you are password free. You can always undo the change and add a password to your Microsoft account in the future.
The benefits of passwordless authentication are very clear. Most people create their own passwords, and it’s often a challenge to create something that’s safe and easy to remember without relying on a password manager. People also frequently reuse their passwords, allowing attackers to quickly log into various compromised accounts after a particular organization is targeted and passwords are dumped.
Google, Apple and others are also working to reduce reliance on passwords. Google Chrome lets you log in without a password, and Apple’s iOS 15 and macOS Monterey updates include a Passkeys in iCloud Keychain feature, an attempt to replace passwords with a more secure login process.
Update, September 15 10:40 AM ET: Article updated to clarify the passwordless options currently in use.