Microsoft has enabled a new option to remove password authentication from user accounts for its services. This means that the only way to sign in will be through physical security keys, biometric data such as fingerprints or Windows Hello facial recognition, emailed codes and the Microsoft Authenticator app running on Android phones and iPhones.
Why eliminate passwords?
One of the biggest problems with passwords is that we reuse them, which means a single data breach can expose many accounts. But strong, unique passwords are difficult to create and difficult to remember. Password managers help solve this problem, but day-to-day use of the software can be tricky, even for experienced users.
- Read more: the best password managers
Although ingrained in habits, the problems are leading tech giants to move away from using passwords for authentication. Biometrics, such as fingerprint and facial identification, have been a big help, as has the FIDO (Fast Identity Online) standard, now integrated into browsers and operating systems. The transition is important for anyone who wants to avoid hackers and identity thieves.
How to clear your password
Microsoft recommends first installing and configuring the Microsoft Authenticator application.
Microsoft Authenticator is a service provided by Microsoft that allows you to set up two-factor authentication on all your accounts that offer it, whatever they are.
To disable password authentication, go to account.microsoft.com and open Security Options. Then go to additional "Other security options".
Find the "Account without password" block and click on the "Enable" option.
Post-password authentication
In addition to the Microsoft Authenticator application, the user can (and should) add several different means of authentication to their Microsoft account. FIDO2 security keys in particular can be used for authentication.
80 stars Read the test
Winkeo FIDO2
The Winkeo FIDO2 security key from Your Country Neowave is an interesting solution for securing online accounts with a physical device. Its small format allows you to carry it everywhere, attached to a keychain to connect to your favorite services, without the need to use another means of double authentication.
More classically, it is also possible to choose to send an SMS or a verification code by email. In this case, it is recommended to protect this e-mail account with a two-factor authentication method. Several methods can be activated as here with 6 methods: 2 emails, 2 phones, 1 via Microsoft Authenticator notification, 1 with physical key.
"If you decide you'd rather keep using a password, you can always add it back to your account. But I hope you'll try it without a password, and I don't think you'll want to go back." " , said Vasu Jakkal, Microsoft's Security and Identity Marketing Manager in a blog post.
The steps taken by Microsoft in favor of password erasure are also beneficial for the enterprise. It actually harbors less data that hackers could steal from the source.
About 200 million Microsoft customers, both home and business, have already adopted passwordless sign-on, according to Microsoft. That figure is up from 150 million in 2022.
