Microsoft expands passwordless logins to all accounts

Microsoft is making all its accounts passwordless as tech giants continue to work toward eliminating passwords completely.

The software giant will now allow customers to sign in using passwordless methods like Windows Hello, the Microsoft Authenticator mobile app or a verification code sent to your phone or email. According to the company, this feature will help to protect your Microsoft account from identity attacks like phishing while providing even easier access to apps and services like Microsoft 365, Microsoft Teams, Outlook, OneDrive, Family Safety, Microsoft Edge and more.

To access this feature, you’ll have to set up the passwordless option yourself. To do so, you’ll have to download the Microsoft Authenticator app, available for iOS and Android, and link it to your account.

Then you’ll need to sign in to your Microsoft account via a browser, and go to the Advanced Security Options page and turn on Passwordless Account. From there you can follow the on-screen instructions to determine how to use the feature.

Is passwordless the way forward? 

Microsoft says that passwords make users an easy target while wasting time and presenting barriers to app usage. The results of a YouGov survey it commissioned found that 30% of people have stopped using an account or service altogether rather than deal with a password reset. 28% of users write their passwords down, making them more susceptible to being hacked.

“We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that … [That’s why] for the past couple of years we’ve been saying that the future is passwordless,” Vasu Jakkal Corporate Vice President, Security, Compliance and Identity wrote in a blog post. “Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year.”

More devices accessing systems from more locations expands the corporate IT estate, which in turn widens the potential attack surface. Companies are well aware of the risk implications of this and are trying to reduce it. 

Gartner predicts that 60% of large and global enterprises will be passwordless for more than half of use cases by 2022. That rises to 90% for midsize enterprises.