Microsoft users can now sign into their accounts without a password. They can choose to delete their password entirely and opt for an alternative sign-in method.
This move follows Microsoft’s rollout of the feature for commercial users earlier this year. Instead of passwords, people can sign in with the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent via email or text message.
Microsoft has been in the process of going “passwordless” for some time. The pandemic and the mass shift to remote work simply sped up the rollout.
Vasu Jakkal, CVP of Microsoft Security, Compliance & Identity, pointed out that the digitalization of businesses led to having more digital surfaces, hence—points vulnerable to attack.
Today, people have online accounts for everything—from banking and insurance policies to medical portals and, as mentioned, work. Sloppy security practices like using the same login credentials for multiple sites can lead to costly damages.
Most services now offer two-factor authentication to strengthen user security. This involves using a password, plus an additional factor like a security code or biometric data. But the easiest, safest way to ensure protection is to choose a solid password manager.
It appears, however, that Microsoft has chosen a different approach—forgoing passwords altogether. The company says that more than 200 million people are already using passwordless options. It’s uncertain how this will play out in the long run.
When it comes to something as important as online security, multiple verification factors are always better. Going passwordless may be easier, but it’d be hard to argue it offers more protection against threats like ID theft than a multifactor login.
All the same, Microsoft has made opting for a passwordless account temptingly easy. Users just need to download the authenticator and follow the instructions. To go back to using a password, they simply have to create a new one.