Weak passwords are a key cause of cyberattacks, so Microsoft is betting big on a ‘passwordless future’ with its latest feature.
Microsoft is rolling out a new passwordless login feature over the coming weeks.
This means that users will be able to remove the password associated with their Microsoft account and log in to services using the Microsoft Authenticator app or other methods instead.
A previous announcement in March confirmed that the feature was being rolled out for the company’s commercial clients to use in their hybrid work environments. But starting from today (15 September), users around the world will be able to go passwordless.
“For the past couple of years, we’ve been saying that the future is passwordless, and today I am excited to announce the next step in that vision,” Vasu Jakkal, VP of security, compliance and identity at Microsoft, wrote in a company blog post.
Jakkal said that users can sign in to Microsoft apps such as Outlook, OneDrive and Family Safety by choosing one of four options: the Microsoft Authenticator app, the biometrics-based Windows Hello feature, a security key, or a verification code sent to the user’s phone or email.
Passwords are one of the biggest gateways to data breaches. According to the 2019 Verizon Data Breach Investigations Report, 80pc of hacking-related breaches involved compromised and weak passwords. Because of this, security professionals often suggest going passwordless where possible and switching to other methods of verification.
Quoting Microsoft’s chief information security officer, Bret Arsenault, Jakkal wrote: “Hackers don’t break in, they log in.” Pointing out that weak passwords are a major culprit behind cyberattacks, Jakkal said that there are 579 password attacks in the world every second – which is around 18bn every year.
“I was shocked to learn that nearly a third of people say they completely stop using an account or service rather than dealing with a lost password. That’s not only a problem for the person stuck in the password cycle, but also for businesses losing customers.”
How to get started with Microsoft Authenticator
The easiest way to enable the passwordless login feature is to download the Microsoft Authenticator app on your phone and link it to your Microsoft account.
Users can then log in to their Microsoft account, choose Advanced Security Options and select Additional Security Options. A new option called Passwordless Account should be visible for users who have received the update.
Once this option is turned on, users will have to follow a few on-screen prompts that result in a notification from the Microsoft Authenticator app. Approving that notification removes the user’s existing password and completes the passwordless account set-up.
For users who prefer to use passwords instead of the new feature, an option to add the password back is available in the security menu.