Microsoft Now Lets You Go Completely Passwordless To Thwart Hackers, Here's How
Tired of juggling and trying to remember multiple passwords for different sites and services? Microsoft feels your pain, and more than that, it believes the time has come to leave traditional password input in the past. This is something Microsoft has talked at length about numerous times before, and putting action to words, it announced today that "anyone with a consumer Microsoft account can go completely passwordless!"
No, Microsoft is not leaving users exposed to hackers and online miscreants by leaving accounts wide open. Instead, it is nudging account holders toward what it says are "more secure and convenient authentication methods," which include Windows Hello, using the Microsoft Authenticator app, or wielding physical security keys.
Part of the problem with traditional password input is that people have a habit of using the same password for multiple sites and accounts. Additionally, passwords can be rather weak, and as Microsoft points out, an attacker could potentially infiltrate an entire organization by swiping a single password, which might have been one that was relatively easy to guess, like "123456" or "abc123," to name a couple of the more popular and weaker passwords.
"Common attacks such as phishing, password spray, and credential stuffing rely on one unchanging truth: when it comes to passwords, human behavior is predictable. Armed with this predictability, bad actors still succeed most of the time when attempting these types of attacks, even though the tools they’re using are 30 years old," Microsoft explains.
Microsoft feels so strongly about this that it has gone and removed the requirement for consumers to use a traditional password.
How To Set Up A Passwordless Microsoft Account
Not only is Microsoft championing a passwordless future, it is encouraging users to go that route, and then flashing a message like the one you see above, saying that the removal of a password has "increased the security" of the account.
If you want to go that route, head over to the Advanced Security Options page (shown above), then scroll down to the Additional security section. There you will find a Passwordless account entry. Click Turn on to enable it. Once you do that, a message will appear urging you on.
"A passwordless account reduces the risk of phishing and password attacks. To start setup, select Next, then approve the request from the Microsoft Authenticator app on your phone to remove your password. Once you remove your password, you may lose access to some older apps, services, and devices," the message reads.
From there it's just a matter of following the prompts—click the Next button, approve the request in the Authenticator app (if that's what you are using), and click Done.
Looking a little further down the line, Microsoft says it will "soon" start offering the option to eliminate passwords for its Azure AD customers.
"Administrators will be able to choose whether passwords are required, allowed, or simply don’t exist for a set of users. Users will be able to choose not to set a password when creating an account or to remove their password from an existing account," Microsoft says.