Microsoft Accounts Can Now be Accessed Without a Password

Microsoft announced yesterday that it's planning in the following weeks to introduce a new mechanism that doesn't require a password for accessing accounts on Microsoft accounts. Instead, users will be able to use Windows Hello, Microsoft Authenticator, a verification code sent via SMS or email, or a security key, according to The Hacker News.

Vasu Jakkal, Microsoft's corporate vice president for Security, Compliance, and Identity stated, "Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords," [...] "But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords."

He went on to describe how difficult it is to generate, remember, and control passwords across all our accounts.

Passwords may be obsolete

For years, Microsoft stated that there are roughly 579 password attacks every second, equivalent to a mind-boggling 18 billion attacks a year. Moreover, the requirement to generate passwords that are both easy to remember but yet difficult to guess or brute-force has made people vulnerable to password spraying attacks.

Jakkal also states that 15% of users have used their pets' names for password inspiration, with dates of birth, names, or any other easy and short words. To make it more difficult for threat actors to obtain access to an account, the company's plan is to render passwords irrelevant by using phone numbers and biometrics as identity.

How will users be able to set it up?

Customers can utilize the new passwordless sign-in option for Family Safety, OneDrive, Outlook, Teams, and Microsoft 365 after linking their personal accounts to an authenticator app like Microsoft Authenticator and enabling the "Passwordless Account" setting from Advanced Security Options > Additional Security Options.