Microsoft now allows all users to remove account passwords

by Mark Tyson on 16 September 2021, 13:11

Tags: Microsoft (NASDAQ:MSFT)

Passwords are a bit of a problem for the average connected device user. They are expected to be secure and unguessable, and many sign-in services insist they mix in various lower and upper case letters, numbers, and even special characters – which makes them unmemorable for genuine users/customers. We have greater availability of biometric access security nowadays, but we still seem to be quite some way from the promised 'passwordless future'. People are generally OK with managing their passwords as long as they don't have to change devices often, or services don't enforce regular password changing, but these are situations that people do often face.

On Wednesday, one of the biggest and most influential OS and software vendors, Microsoft, helped us get one step closer to going passwordless. In a blog post, Vasu Jakkal, CVP of Security, Compliance and Identity at Microsoft, announced that the passwordless future is here for your Microsoft account. In March 2021, Microsoft enabled this feature for commercial users, and it has now rolled it out for all users – you can delete your Microsoft Account password today…

Jakkal goes into some detail about the problems with passwords, human nature, and hackers before providing a quick outline of how to go through a few clicks in your Microsoft Account settings to banish the use of passwords for many things Microsoft and/or Microsoft controlled. An important step to take before going any further is to download and set up the Microsoft Authenticator app. This app is available for Android or iOS, so of course you are going to need a modern smartphone. Once the app is on your device, verify your ID, and add your fingerprint, face ID, or PIN – to enable two-factor authentication (2FA).

Next, visit your Microsoft Account on the web. You need to sign in here (sorry, one last time), then choose Advanced Security options. Under Additional Security Options, you'll see a Passwordless Account toggle. Select Turn on. Follow the on-screen prompts and, confirming the deed has been done, you will see a notification in the Authenticator app on your smartphone.

From here on in, you will be able to log into your Microsoft accounts and services without any password. This covers "your favourite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more." It probably covers stuff like Skype, Microsoft Edge, and Windows too, but that isn't explicitly stated, sadly. Another Microsoft blog post, though, goes into detail about using Microsoft Edge in a passwordless environment with the help of Microsoft Authenticator and Password Monitor.

If you have gone ahead and zapped your Microsoft Account password, but don't like some aspect of the new experience, don't worry, Microsoft says you can always add it back to your account. Microsoft's employee experience shows the passwordless move is popular, though, as "nearly 100 percent of our employees use passwordless options to log in to their corporate accounts".



HEXUS Forums :: 8 Comments

How about if you could have no password, no SMS, no security - if you desired to.

And also if you could change your E-mail also - if you desired to.

And how about if there were no requirement to have a specific length and syntax for your password - that would be nice.
Nice move MS but most of us don't encrypt our HDDs so when the laptop bag disappears on our way to work we panic. Security is very complicated. These smiling companies need to come up with real user friendly solutions.
I get the idea behind this, however if I went passwordless - does that mean if I lose my phone I'd be locked out of my Xbox, OneDrive, Outlook and various other Microsoft services (and potentially my Windows PC)?
All well and good but everything is then tied to your Microsoft account, which they may or may not decide to charge a fee for in the future, or just arbitrarily ban your account on some game for using a trainer which then wrecks your whole account and you're locked out of it all.

Not just a MS problem as Google, Apple, Facebook and Amazon all the same. Bloke only posted on r/Ireland reddit couple weeks ago that he lost his Gmail account of 10 years because he lost the head with commenting to some right wing troll on a YouTube video in the comments, Google perma banned his YouTube and his whole Google account, including his email and locking him out of his Android phone etc.

Be very, very wary of putting all your eggs in one basket with these big corporations, none of them can be trusted.
Good move MS - I've been working with authenticator as a default for a while now, and I find it strangely liberating to not have to type in a password, or trigger my password manager to log in.

It's also been useful to know when my account is under attack - I know an old password of mine is out there and people try my Microsoft account every so often - now I get a notification when someone tries it, and I can easily deny and alert MS in the same click.

It's not "truly" passwordless as you can still recover your account via security key or via proving who you are to MS but I'll be enabling this feature.