All Microsoft accounts can now adopt a passwordless sign-in using the Authenticator app, Windows Hello, passkey, and verification codes


Microsoft will allow consumers to sign in to their Microsoft accounts without a password, the company said.

In March 2021, Microsoft announced that business customers can use passwordless authentication to sign in to their accounts through Azure Active Directory. Over 200 million users have adopted the authentication method.

Microsoft announced that, starting today, you can remove the password from your Microsoft accounts and sign in through the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to a phone or an email address.

Microsoft Corporate Vice President Liat Ben-Zur said signing in without a password would help protect Microsoft accounts against identity attacks such as phishing.

All Microsoft accounts now support login without password

Microsoft’s journey to a password-less future began in 2018 with the deployment of security keys and continued into 2019 when Windows 10 went password-less.

All Microsoft accounts now support passwordless security, according to Vasu Jakkal, corporate vice president of Microsoft Security, Compliance & Identity.

Users can use this security feature to access various apps and services including Microsoft 365, Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, Microsoft Edge, and others.

Losing a password can cause customers to stop using a service

When rolling out passwordless sign-in to Microsoft accounts, the tech giant painted a grim picture of using passwords to protect accounts.

Microsoft says the pain of losing a password was enough to cause customers to stop using a service. According to a Microsoft study, a third of customers would rather stop using a service than deal with a lost password. This situation causes businesses to suffer financially when they lose customers due to lost passwords.

To avoid this painful experience, most users create simple passwords that they can remember without the need for a password manager.

“Unfortunately, while such passwords can be easier to remember, they are also easier for a hacker to guess,” Jakkal wrote.

For example, Microsoft found that 15% of people used their pet’s name to generate passwords. Others use surnames and important dates. Likewise, 10% of passwords are reused across all sites, while 40% use a predictable formula.

“Security has always been a balance between ease of use and security,” noted Tyler Shields, CMO at JupiterOne. “The cybersecurity vendor community should strive to create easy-to-use cybersecurity experiences that provide an acceptable level of security to the technologies consumers demand.

“A good example is the move to single sign-on and passwordless authentication. Users have failed to maintain proper passwords for decades, which will never change, so innovation must create an easy-to-use alternative that offers proper security with a much better user experience. Companies need to find the right balance between technological innovation and security for traditional models.”

18 billion password attacks each year

Jakkal disclosed that Microsoft has logged 18 billion password attacks on Microsoft accounts each year, with an average of 579 attacks per second.

Therefore, Redmond advises its users to enable passwordless login on their Microsoft accounts. Users can enable passwordless authentication on their Microsoft accounts by installing the Microsoft Authenticator app and then enabling “Passwordless Account” in the Additional Security section under Advanced Security Options.

However, Microsoft does not require users to use passwordless authentication on all of their Microsoft accounts. The tech giant allows them to restore password login to their Microsoft accounts through the same process.

Tech giants seek a password-less future

Microsoft isn’t the only tech giant chasing a password-less future. Google allows users to log into Chrome without a password while Apple announced the iCloud Keychain, a more secure password alternative on Apple’s ecosystem.

Although passwordless authentication is recommended, account recovery is usually a painful process after losing the phone. Additionally, the use of email or SMS for passwordless authentication introduces an attack vector that could be used to compromise accounts.


“Passwordless is sometimes a misleading term,” says Joseph Carson, chief security scientist and CISO advisory at ThycoticCentrify. “It’s really about reducing password interactions and helping move passwords into the background, reducing both password pain and cyber fatigue.” Authentication is still ongoing, but it is becoming more and more contextual.

Carson added that a true world without passwords does not exist and that the term is synonymous with less interaction with passwords.

