metamorworks - stock.adobe.com

Microsoft offers passwordless login to all customers

All Microsoft customers will be able to replace passwords with biometric identity, security keys or text confirmation to access their Microsoft accounts.

Microsoft made it possible for all customers, not just business users, to access their Microsoft accounts through a passwordless authentication process.

This week, the company announced that people would be able to turn off passwords and access their Microsoft account using its biometric identity and access engine Windows Hello, the mobile app Microsoft Authenticator, a security key, or a code sent over email or a mobile phone.

Microsoft said passwordless access would protect against phishing attacks while removing the necessity of keeping track of many passwords. The feature has been available to business customers since March. It will roll out the capability to all customers over the coming weeks.

People need to download the Microsoft Authenticator app and sign in through a Microsoft account to go password-free. They can then turn on the passwordless feature through the advanced security option found in additional security options. 

Celina Garcia, CEO of World Class Sales Coaching, said her Mexico City-based company uses Microsoft 365, and the passwordless feature will help WCSC deal with phishing scams more effectively.

"It will be very useful since we don't have to remember passwords or change them frequently," Garcia said. "But we will only use it because we trust Microsoft security, and they safeguard our privacy."

For Stephen Booth, a data analyst at the Birmingham City Council in England, the passwordless capability would mean less overload for the IT department. 

"A few years ago, about half of calls to our service desk were forgotten passwords," Booth said.

Passwords are inherently risky forms of authentication because they can be stolen and used by malicious actors. Also, employees tend to reuse passwords across multiple platforms or create passwords that are easy to crack.

Vasu Jakkal, security, compliance and identity vice president at Microsoft, said a recent Microsoft survey found that 15% of people use their pets' names for passwords, and 1 in 10 reuse passwords across sites. Others built passwords on a formula, such as a name followed by a year.

"Unfortunately, while such passwords may be easier to remember, they are also easier for a hacker to guess," Jakkal said. 

Microsoft debuted Windows Hello, its first passwordless tool, in 2015. People used it to log into a PC through an infrared camera. Since then, the company has been working to bring the passwordless capability to Microsoft accounts.

In the past, Microsoft developed features designed to help customers organize passwords outside of its ecosystem. The web browser Microsoft Edge, for example, has a password management system that keeps passwords stored on the browser.

According to Jakkal, since the company rolled out the latest feature among its employees, nearly 100% of Microsoft employees now use passwordless options to log in to corporate accounts.

Maxim Tamarov is a news writer covering mobile and end-user computing. He previously wrote for The Daily News in Jacksonville, N.C., and the Sun Transcript in Winthrop, Mass. He graduated from Northeastern University with a degree in journalism. He can be found on Twitter at @MaximTamarov.

Dig Deeper on Windows OS and management