Microsoft accounts to no longer need passwords

Microsoft is taking a step towards a passwordless future by removing the requirement for a password from all Microsoft Accounts.

With the change, users will have the option to sign in directly through the Microsoft Authenticator app, with Windows Hello, using a security key, or with a verification code sent to their mobile devices, bypassing the password entry.

The announcement earlier this morning signals a shift towards significantly stronger account security, said Vasu Jakkal, corporate vice president of Microsoft security, compliance and identity marketing.

“Hackers don’t break in, they log in,” said Jakkal during a background briefing with journalists, referencing a sentiment by Bret Arsenault, Microsoft chief information security officer. She explained that there are 579 password attacks every second, or 18 billion per year.

Strong passwords are often hard to remember. It’s understandable, then, that weak passwords such as “123456” or “abcdef” are still commonly used. Unfortunately, these passwords fall easy prey to simple brute force attacks. According to haveibeenpwned.com, a website that tracks account breaches, the password “123456” has been seen more than 24 million times.

In recent years, password managers have bolstered password strengths but they also aren’t perfect. Jakkal said that although these services have done an admirable job at making accounts more secure by helping generate and store robust passwords, they also provide a single point of failure. If the master password is compromised, then the attacker can gain access to the password vault, potentially causing terrible damage to the victim.

Users can enable passwordless sign-on under “Advanced Security Options” in their Microsoft accounts, and they can revert back to using passwords at any time. They will also be able to easily recover their Authenticator app if their mobile devices are lost or stolen.

In the same briefing, Jakkal said that nearly 100 per cent of full-time Microsoft employees now use passwordless sign-in.

The feature will be rolled out over the coming weeks to all Microsoft accounts.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at IT World Canada. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at tli@itwc.ca.

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.