The change comes as the entire IT industry rethinks its decades-long reliance on “shared secret” passwords — or the kind you have to remember. People have a tendency to lose and forget them, creating extra costs and headaches for companies and customers alike.
“We know people hate passwords,” Vasu Jakkal, Microsoft’s corporate vice president of security, compliance and identity, said in an emailed statement. “Thirty percent of people said they just have stopped using an account or service they were trying to log into rather than deal with a password reset. I’ve even done that. Imagine the shopping carts, memberships or accounts that have been abandoned because of password issues.”
Another big problem with passwords is that people reuse them across sites and apps. Once hackers get their hands on one password by breaching a company’s servers, it’s easier to break into multiple accounts. A cybercriminal can trick someone in a phishing attack or buy passwords on the dark Web. Microsoft says there are 579 password attacks every second, or 18 billion a year.
Andrew Shikiar, executive director at the Fast Identity Online Alliance (FIDO), an industry association with members including Microsoft, Apple, Google and Facebook working on open standards for passwordless authentication, suggested opting for the Authenticator app or Windows Hello, which comes with Windows 10 and 11 and lets you use your face or fingerprint to sign in.
Two-factor authentication is more secure than a password alone, but your account is still at risk of being compromised if someone gets ahold of your email account, phone or the security codes sent to either, he said.
If you want to go passwordless, here are the steps you can take.
- Download the Microsoft Authenticator app and log in to your account. (You may need to enable notifications and Touch ID for the app.) Then, go to account.microsoft.com and log in again.
- On microsoft.com, select Security → Advanced Security Options → Additional Security Options → Passwordless Account → Turn On.
- Once that’s done, go back to your Authenticator app, approve the notification, and enjoy being one step closer to the “passwordless future” Jakkal and Shikiar are ushering in.
Until that future arrives, consider using a password manager to track your passwords and generate hard-to-guess alternatives to the classic-but-dangerous “Password123.” Our favorite is Dashlane.