Microsoft on Wednesday announced a new password-less mechanism that permits users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.
The change is predicted to be unrolled within the coming weeks. This feature will be extended to the full suite of Microsoft apps.
It first introduced password-less sign-ins for Windows 10 in 2019 where users could replace their password with Windows Hello Face, Fingerprint, or PIN to check in to their computers.
"Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords," said Vasu Jakkal, Microsoft's corporate vice president for Security, Compliance, and Identity. "But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords."
"Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives," Jakkal added.
Microsoft says that there are 579 password attacks every second, rounding up to 18 billion password attacks each year. The two reasons for this are human nature and hacker nature. It becomes problematic for a user to create a password protected enough that is also easy to remember. And that makes it easy for a hacker to hack passwords that are easy to remember but not safe enough.
Microsoft has also laid out the steps a user would have to take in order to go passwordless.
For this, users would have to sign in to their Microsoft account and head to Advanced Security Options. Once there, select Additional Security Options to reach Password-less Account. Once a user Turns On the option, they will have to follow the on-screen prompts and approve the notification on the Microsoft Authenticator app.
By dropping passwords out of the equation, the thought is to make it difficult for malicious actors to realize access to an account by leveraging a mixture of things like your phone (something you have) and biometrics (something you are) for identification.
Customers can use the new feature to check in to Microsoft services like Microsoft 365, Teams, Outlook, OneDrive, and Family Safety.