After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users.
The Passwordless account option
“Beginning today, you can now completely remove the password from your Microsoft account. Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favorite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more,” announced Vasu Jakkal, Corporate VP of Security, Compliance and Identity at Microsoft.
Users are (or very soon will be) able to switch on the feature by visiting their Microsoft account’s Advanced Security Options, then Additional Security. Before choosing to turn on the Passwordless account option, they need to download and install the Microsoft Authenticator app.
Unfortunately, the option won’t work with some older versions of Windows, apps, and services, such as:
- Windows 8.1, Windows 7 or earlier
- Some Windows features (including Remote Desktop and Credential Manager)
- Some command line and task scheduler services
- Office 2010 or earlier
- Office for Mac 2011 or earlier
- Products and services which use IMAP and POP email services
- Xbox 360
Microsoft has made sure that users can add a password to their account again at a later date, though they hope many users will give passwordless security a try and stick with it long-term.
“If you lose access to your Microsoft Authenticator app, you can still access your Microsoft Account using an alternate recovery method like text message or a backup email address. If you have Two Step Verification turned on, you will need to have access to two recovery methods,” the company added.
The future of authentication is passwordless
In 2004, Bill Gates “predicted” a passwordless future, and that future is coming – slowly but surely.
Though passwords are still by far the most prevalent method of authentication, the inability of many users to choose unique, strong passwords and memorize them (or use a password manager to do it for them), their propensity for falling for phishing schemes, and the fact that compromised passwords are still the top cause of data breaches have made passwordless authentication a holy grail for providers of IT solutions and services.
“While passwords can be guessed, stolen, or phished, only you can provide fingerprint authentication, or provide the right response on your mobile at the right time,” Microsoft noted.