Although a completely password-free future is still far off, you will soon be able to take a big step in that direction by removing your Microsoft account password. The company announced today that the password-less features it already offers to corporate customers will now be available to everyone.
Over the next few weeks, Microsoft will roll out support for a password-free life in the Microsoft Authenticator app and its biometrics-based Hello sign-in service for Windows. You’ll be able to set things up to use biometrics like a fingerprint or facial scan, a hardware authentication token, or a verification code sent to your phone or email as an alternative to a password. Like your old login, the new system will allow you and over a billion other Microsoft account holders to access services like Office 365 and OneDrive.
“The number of cyber attacks has increased due to identity and password theft.” “Without passwords, you have advanced security, and it’s so much easier. It’s just a slam dunk.”
Passwordless systems use biometrics (something you are) or things like hardware security keys (something you have) to confirm that you are who you say you are; in other words, to authenticate you. In contrast, passwords are “something you know,” which becomes a problem when that information is found or guessed by others. In systems without a password, however, even the security codes sent to your phone are really “something you have” instead of “something you know,” as they require you to have access to your smartphone during a short, specific period of time.
This conceptual change makes password-less systems more secure in many ways, but people are so used to passwords after using them for decades that it is sometimes difficult to convince them to try anything else. If you have invested time in setting up a password manager, you may feel like a lot of the aggravation is part of the whole situation anyway. And logging in without a password is so easy that it can feel less secure, simply because there’s less hassle in looking into your webcam for a face scan or sticking a YubiKey into a USB port.
Even within Microsoft, it took years to design and implement an alternative structure that eliminated passwords altogether instead of just adding more layers of defense on top of them.
“I remember it was in 2017, and we started talking about what would happen if, instead of improving multi-factor authentication, we changed course to simply eliminate passwords,” explains Bret Arsenault, Chief Information Security Officer at Microsoft. “I was sitting there thinking, is that just spelling that someone in marketing made up? And then I thought, well, if we really wanted to eliminate passwords, what would we do differently? It was like a lit light bulb.”
Microsoft claims to have more than 200 million password-less users since its enterprise deployment. And the company isn’t the only tech giant to offer alternatives to logging in with a password. It has a particular influence, however, given the ubiquity of Windows and Office 365 with businesses and individuals.
To permanently remove your Microsoft password, download the Microsoft Authenticator app and link it to your Microsoft account. Then go to account.microsoft.com, choose Sign in, then Advanced security options. Under Additional security, look for Passwordless account and select Turn on. Follow the prompts, then approve the change from the Authenticator app.
That’s it. If you want to reverse the process, there is an option to re-add your password. But who would miss it?
“You think everyone hates passwords, but there is a faction of people who love passwords,” says Arsenault. “They are called criminals.”