Microsoft Goes Passwordless: A New Era of Account Security

Microsoft is making a bold move towards a future without passwords, aiming for a "passwordless by default" experience for new accounts. This shift signifies a major change in how users will interact with their Microsoft logins, potentially enhancing security and simplifying the login process.

The company has been exploring passwordless sign-in options for several years, notably with Windows Hello. Now, new users will be prompted to set up passkeys upon creating their Microsoft accounts. But what exactly are passkeys, and why is Microsoft so eager to ditch passwords?

Passkeys: Simpler and More Secure

Passkeys offer a significant upgrade in both usability and security. Unlike traditional passwords, which are vulnerable to phishing attacks and require complex management, passkeys are cryptographically generated, stored securely on your device, and encrypted by default. This means that without physical access to your device, malicious actors cannot compromise your accounts.

Imagine logging into your accounts with just your face or fingerprint. That's the promise of passkeys. Microsoft reports that users signing in with passkeys are three times more successful at getting into their account than password users (about 98% versus 32%). Moreover, passkey sign-ins are eight times faster than using a password and multifactor authentication.

How New Passkey Setup Works

With the new "passwordless by default" setting, new Microsoft accounts will streamline the signup process. Users will enter their email address, verify it with a one-time code, and then be prompted to add a passkey using their preferred biometric method or PIN. This eliminates the need to create and remember a complex password.

Microsoft is also simplifying the sign-in experience by automatically detecting the best available sign-in method. For example, if you have both a password and a one-time code set up, you'll be prompted to use the one-time code first, followed by an encouragement to enroll a passkey.

The End of Passwords?

Microsoft's commitment to a passwordless future is evident in its goal to eventually remove password support completely. This transition has been gaining momentum, with nearly a million passkeys being registered daily for Microsoft accounts.

While passkeys are not without their challenges—such as the potential inconvenience of losing the device containing the key—the benefits outweigh the drawbacks. As more websites and services adopt passkey support, the internet will become a safer and more user-friendly space.

Microsoft's move towards passkeys marks a significant step forward in online security. As the world embraces this new authentication method, will passwords become a distant memory? Share your thoughts and experiences with passkeys in the comments below.

• Cybersecurity
• Microsoft
• Passkeys