Microsoft has announced that all users can now go ‘passwordless’ — logging in to their accounts using other methods like fingerprints or authenticator apps instead.
The move by the Redmond, Washington-based firm follows an initial rollout of the feature to Microsoft’s business customers back in the March of this year.
According to the firm, nearly all of their employees are already taking advantage themselves of the passwordless login features.
The problem with passwords, they argued, is that they can be guessed or stolen — and, when elaborate enough to be secure are generally hard to remember.
In contrast, they said, only the correct users can provide their fingerprint or respond using the authenticator app on their phone.
It is unclear, however, how safe one’s account would be in the event that the phone containing the authenticator app was hacked, either remotely or after a theft.
MailOnline has approached Microsoft for comment on this issue.
The passwordless feature will not work with some older devices and platforms, however — including Xbox 360 consoles, Office 2010 and Windows 8.1 or earlier.
Scroll down for video
Microsoft has announced that all users can now go ‘passwordless’ — logging in to their accounts using other methods like fingerprints or authenticator apps (pictured) instead
‘Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks,’ Microsoft’s corporate vice president for Security, Compliance and Identity, Vasu Jakkal, wrote in a blog post.
‘Yet for years they’ve been the most important layer of security for everything in our digital lives— from email to bank accounts, shopping carts to video games.
‘We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either.
‘For the past couple of years, we’ve been saying that the future is passwordless, and today I am excited to announce the next step in that vision.
‘Beginning today, you can now completely remove the password from your Microsoft account,’ Mr Jakkal continued.
‘Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favourite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more.
‘This feature will be rolled out over the coming weeks,’ he concluded.
According to Microsoft, users who go passwordless and then lose access to their authenticator app can resort to one of a number of backup login options.
These include facial recognition (where available), a physical security key or using SMS or email codes.
The latter, however, are two of the most common pathways by which cyber-criminals target individuals. Furthermore, users employing two-factor authentication will need to have access to two separate recovery methods to take control of their account.
The move by the Redmond, Washington-based firm follows an initial rollout of the feature to Microsoft’s business customers back in the March of this year. Pictured: the Microsoft account settings page that allows users to set up a passwordless account
According to the firm, nearly all of their employees are already taking advantage themselves of the passwordless login features
The move is ‘a bold step from Microsoft’ University of Surrey security expert Alan Woodward — who is investigating passwordless authentication — told BBC News.
‘This isn’t just logging into PCs, it’s logging into online services as well,’ he noted, referencing important online facilities like cloud storage.
However, the researcher noted, Microsoft’s claims about the issues with poor password use are largely true.
‘The message has been pummelled home about what good password hygiene looks like – but it’s easier said than done,’ he said.
‘Maybe the time is now right to start looking for something different,’ he added — noting that one issue comes in how there are no standards for passwordlessness.
‘There are a number of different ways this could be done — and it would be good if everybody moved on, really, and tried to find a way of doing this.’
The problem with passwords, Microsoft have argued, is that they can be guessed or stolen — and, when elaborate enough to be secure are generally hard to remember
‘This move from Microsoft is a sign of things to come for online security,’ said CyberNews’ lead cybersecurity researcher, Mantas Sasnauskas.
‘The future of personal account logins will undoubtedly be passwordless, as more systems will rely on robust authentication procedures rather than requiring users to use passwords that are often not strong enough, or too complex to remember.
‘We have known for some time that multi factor authentication is one of the strongest ways to protect an account, as access to multiple devices and biometric data is required for access.
‘With this system in place, it becomes much harder for threat actors to compromise an account,’ he added.
‘More companies will be moving towards this, as Apple added features in iOS 15 to prepare for a similar moves towards more secure logins and to drop the use of passwords.’
