From time to time, Microsoft announces that passwords are on the way out and that alternative authentication methods such as biometric scans, verification codes, security keys, and Authenticator apps are the way forward. This is a sentiment echoed by Google as well. Today, Microsoft has made good on this promise, and announced that you no longer need a password to sign in to your account.
Microsoft has cited a number of issues with the use of passwords, including inconvenience, insecurity, and the fact that a fair share of people simply give up on using a service rather than going through the password reset process.
Starting today, you can remove a password completely from your Microsoft account and instead sign in to the company's services using alternative authentication methods such as Windows Hello, security keys, verification codes, or the Microsoft Authenticator app. The Redmond tech giant says that passwords are highly susceptible to malicious attacks, as people simply reuse them across accounts or utilize simplistic formulas for creating new passwords. These are relatively easy to guess for hackers who can utilize password spray attacks and phishing to gain access to vulnerable accounts. Indeed, even the UK government recently advised the public to use unique passwords that are a combination of three random words rather than thinking up complex passwords or reusing an existing one.
In order to go truly passwordless on your Microsoft account, the tech firm has stated that you should first install the Microsoft Authenticator app and link it to your account. After that, head over to the portal here, and select Advanced Security Options > Additional Security > Passwordless Account > Turn on. On completion of the on-screen prompts, you will be shown a notification saying that "you have increased the security of your account and improved your sign-in experience by removing your password."
You can reconfigure your account to use passwords if you want, but the messaging from Microsoft is clear: It really wants to kill off passwords, and soon. The change will start rolling out today and will be available to all within the next few weeks.
Microsoft has noted that the capability is only available for consumer accounts right now but work is being done to offer the same for enterprise accounts utilizing Azure Active Directory (AAD). As usual, admin configurations to toggle this behavior will be available too.