
Introducing password removal for Microsoft Accounts

Common attacks such as phishing, password spray, and credential stuffing rely on one constant: when it comes to passwords, human behaviour is predictable. Because of this predictability, attackers still succeed most of the time when attempting these types of attacks, even though the tools they’re using are 30 years old.
Microsoft have announced that anyone using a consumer Microsoft account can now go completely passwordless! You can now delete your password from your Microsoft account—or set up a new account with no password—and sign in using other more secure and convenient authentication methods such as the Microsoft Authenticator app, Windows Hello, or physical security keys.
All it takes is three easy steps: Visit Advanced Security Options for your Microsoft account, select Passwordless Account, then follow the on-screen prompts. Once you’ve removed your password, you can sign in to your account by approving a notification from the Microsoft Authenticator app. It’s as easy as that!
Signing in without a password makes everything faster, easier, and more secure. Best of all, once your password is gone, you won’t have to worry about remembering it ever again.
Passwords leave enterprises vulnerable
Since attackers only need a single password to breach an account and start infiltrating an organisation, it’s alarming that one in 100 people “protect” a critical account with passwords that can be easily guessed. The most common passwords from 2011, such as 123456, abc123, and iloveyou, are still on the list of most used (and ridiculous) passwords!
In the past decade, the industry has championed two-step verification, which can reduce the risk of compromise by 99.9%. Verifying identity with a password plus an additional factor has helped, but hackers are already starting to sidestep the second step. As long as passwords are still part of the equation, they’re vulnerable.
Bringing passwordless technology to you
A couple of years ago, Microsoft shared a four-step approach to ending the era of passwords for organisations:

The identity product team at Microsoft has been singularly focused on this goal, collaborating with product teams across Microsoft and with the standards community toward eliminating passwords from the directory. The team has made significant progress, which you can read about here.




