How and why Microsoft has made account sign-ins completely passwordless
Passwords are the weakest link in a security system implementation, often being the easiest to crack. Now, Microsoft has decided to do away with passwords entirely. The company is rolling out a solution that will remove passwords from Microsoft accounts. The feature has already been rolled out internally at the company and a commercial solution is available, too. Here's more.
Why is Microsoft 'killing' passwords at all?
Cybersecurity researchers have known for years that passwords are essentially a string of characters and the set of characters supported is finite. Moreover, people prefer short, easy to remember, and weak passwords. Many also tend to reuse passwords across multiple platforms. So, hackers can use educated guesses or brute force attacks that try every combination possible (with enough time in hand) to crack passwords.
Sign into Microsoft accounts using Windows Hello, Microsoft Authenticator
People may use strong passwords, password managers, and two-factor authentication. However, these aren't immune from being hacked. Microsoft's new tool for a passwordless login experience is unique because it encourages users to shift to other means of authentication for their Microsoft accounts. Options replacing the password include the Microsoft Authenticator app, Windows Hello, security keys, and SMS or email verification codes.
Here's how to get started using the Microsoft Authenticator app
SMS and email verification codes aren't the most secure since email accounts are again password-protected, defeating the purpose. To make your Microsoft sign-ins passwordless, start by installing the Microsoft Authenticator mobile app and linking it to your account. Then, go to account.microsoft.com> Advanced Security Options> Additional Security and enable passwordless accounts. Lastly, approve the change from the Microsoft Authenticator app and you'll be password-free.
Microsoft claims 200 million people already sign in passwordlessly
This is a major milestone for Microsoft. It first rolled out security keys in 2018 and made Windows 10 passwordless in 2019. Microsoft's Corporate Vice-President of Security, Vasu Jakkal, said that internally, nearly all Microsoft employees use passwordless login. Over 200 million people are using passwordless options, she added. You can also revert to using passwords if you find the new system inconvenient.