Microsoft has just announced something massive, which will create turbulence for millions of users. In less than a month, the tech company has announced that it will be removing passwords. Reverberating reactions have been witnessed with this news, with some individuals being happy that they do not need to memorize yet another password, and others being cautious about the security of their accounts. Therefore, we need to be quick and take the steps required in order to tighten your secured accounts as long as their passwords are still stored in Microsoft.
All those typical attacks (phishing, password spray, credential stuffing) use one constant fact: in the case of passwords, human beings are predictable. This predictability, however, does not prevent the success of bad actors most of the time in launching such forms of attacks, even though the tools they are employing are 30 years old.
Today, we are thrilled to show that every customer with a consumer Microsoft account can now be passwordless! Now you are able to remove the password to your Microsoft profile, or create a new account without a password, and log in by some other safer and convenient verification systems, e.g., the Microsoft Authenticator application, Windows Hello, or hardware security keys.
Just in three simple steps: Go to the Advanced Security Options in your Microsoft account, choose Passwordless Account on the page, and then do what you are instructed on the screen. That’s it! After finishing the process of deleting your password, you will be able to log in to your account, clicking on the message in the Microsoft Authenticator app.
- Microsoft’s Move Toward Passwordless Authentication: Microsoft announced it will eliminate passwords for consumer accounts, enabling logins via more secure methods like Microsoft Authenticator, Windows Hello, or hardware security keys.
- Implementation Steps for Passwordless Setup: Users can switch to a passwordless account through their Microsoft account’s security settings by selecting the ‘Passwordless Account’ option and following on-screen instructions.
- Security Benefits of Passwordless Login: Replacing passwords with verification systems reduces the success of attacks such as phishing, credential stuffing, and password spray, which rely on human predictability.
- Risks and Challenges of Password Use: Passwords, especially simple ones, are a significant vulnerability, and even multi-factor authentication can be bypassed, emphasizing the need for eliminating passwords altogether.
- Future Developments in Passwordless Technology and Adoption: Microsoft plans to further remove passwords from Azure AD accounts, giving administrators and users options to opt out of password use and encouraging a world without passwords.
In The passwordless future is here, Vasu Jakkal goes into great detail as to why signing in without a password is simple, quick, and safer. Best of the best, you will be able to forget a password forever after it is removed.
Enterprises are vulnerable to passwords.
It is bad news that out of 100 people, one of them is using simple passwords to protect a critical account, given that cyber criminals just need one correct password to access a user account, and then begin to infiltrate a company. The all-time popular ones like the 123456, abc123, and iloveyou are still found on the list of the top 20 (worst)!
Over the last ten years, the sector has led the adoption of the two-step verification, which lowers the threat of victimization by 99.9%. Password with an additional factor of identity verification has assisted, though, hackers are already beginning to beat the second step. Until they have gotten rid of passwords, they will be compromised.
Passwordless technology at your service
Two years ago we posted a four-step plan to kill the password era in organizations:
This is all our identity product team has been examining in one particular dial, and it has cooperated with product teams in Microsoft and in the standards community in the effort to remove passwords out of directory. And we have brought along great improvements.
On October 13, you have an opportunity to access Your Passwordless Future Starts Now digital event at which Vasu, members of my team, and other experts around Microsoft will discuss strategies and approaches to building a world without passwords. It is 90 minutes that you would not want to miss!
What’s next
We innovate constantly to introduce passwordless to more and more customers. Besides, creating new and fun methods to log in without a password, we will begin the development effort soon to remove passwords on Azure AD accounts. Administrators will have options on whether to require or even permit access by a number of users without passwords or just plainly, non-existent passwords. Users can decide not to come up with a password during the creation of a new account or they can remove the password that is in an account that is used.
Your feedback is as we keep on advancing towards password less future, priceless. See answers.microsoft.com for your questions and comments.
Learn more about Microsoft identity:
- Back to the blog home Azure Active Directory Identity blog home
- Read and chat on Twitter and LinkedIn
- Provide product recommendation in the Azure Feedback Forum
