Microsoft Looks Beyond Password Protection For Accounts

Microsoft has taken a major step in an effort to bolster account security, with the news that it is moving away from password protection.

Microsoft pointed out that in March this year it began to allow the passwordless sign in for commercial users.

But now the software giant has announced that over the following weeks, it will allow all users to completely remove the password from their Microsoft account and sign in via another verification solution.

Microsoft’s enthusiasm for passwords has been waning for a while now. Back in 2011 for example, Redmond banned Hotmail users from using easy-to-guess passwords.

Passwordless future

Microsoft announced that it was removing the need for people to use passwords to log into their accounts in a blog post by Vasu Jakkal, corporate VP, security, compliance and identity at Redmond.

Jakkal said that instead of passwords, users can use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to a phone or email to sign in to apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more.

“Nobody likes passwords,” wrote Jakkal. “They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives – from email to bank accounts, shopping carts to video games.”

“We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either,” wrote Jakkal. “In a recent Microsoft Twitter poll, one in five people reported they would rather accidentally “reply all” – which can be monumentally embarrassing – than reset a password.”

“Beginning today, you can now completely remove the password from your Microsoft account,” Jakkal wrote.

He pointed to a telling comment made by a colleague was that “hackers don’t break in, they log in.”

Just a few clicks

Jakkal explained how it would take just a few quick clicks to go passwordless.

“First, ensure you have the Microsoft Authenticator app installed and linked to your personal Microsoft account,” Jakkal wrote.

“Next, visit your Microsoft account, sign in, and choose Advanced Security Options. Under Additional Security Options, you’ll see Passwordless Account. Select Turn on,” Jakkal added. “Finally, follow the on-screen prompts, and then approve the notification from your Authenticator app. Once you’ve approved, you’re free from your password!”

If the user decides they prefer using a password, they can always add it back to their account.

However Jakkal pointed out that “nearly 100% of our employees” were already using the new, more secure system for their corporate accounts.

This drive to go passwordless does include a few exceptions, and passwords will still be needed for accounts for Office 2010, Xbox 360 consoles, and Windows 8.1 etc.

Multi-factor authentication

But at least one security expert believes the move will make it more difficult for hackers to practice their trade.

“This move from Microsoft is a sign of things to come for online security,” said Mantas Sasnauskas, lead cybersecurity researcher at CyberNews. “The future of personal account logins will undoubtedly be passwordless, as more systems will rely on robust authentication procedures rather than requiring users to remember passwords that are often not strong enough, or too complex to remember.”

“We have known for some time that multi factor authentication is one of the strongest ways to protect an account, as access to multiple devices and biometric data is required for access,” said Sasnauskas. “With this system in place, it becomes much harder for threat actors to compromise an account.

“More companies will be moving towards this, as Apple added features in iOS 15 to prepare for a similar moves towards more secure logins and to drop the use of passwords,” Sasnauskas concluded.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

AT&T Admits Data Breach Impacted “Nearly All” Customers

American telecommunications giant AT&T admits that “nearly all” customer accounts were compromised in 2022 breach

8 hours ago

Elon Musk’s X Breached DSA Rules, EU Finds

X's Blue checks 'used to mean trustworthy sources of information. Now our preliminary view is…

12 hours ago

Japan’s SoftBank Acquires AI Chip Start-up Graphcore

SoftBank Group has purchased another British chip firm, with the acquisition of Bristol-based Graphcore Ltd…

13 hours ago

Samsung AI-Upgraded Bixby Voice Assistant Coming This Year

Samsung reportedly confirms it will launch the upgraded voice assistant Bixby this year, that will…

1 day ago

Next Neuralink Brain Implant Coming Soon, Says Musk

Despite an issue with first Neuralink implant in a patient, Elon Musk says second brain…

1 day ago

EU Accepts Apple’s Legal Commitments To Open NFC Access

Legal commitment over Apple's NFC-based mobile payments system, which is to be opened to rival…

1 day ago