Passwords are a bit of a problem for the average connected device user. They are expected to be secure and unguessable, and many sign-in services insist they mix in various lower and upper case letters, numbers, and even special characters – which makes them unmemorable for genuine users/customers. We have greater availability of biometric access security nowadays, but we still seem to be quite some way from the promised 'passwordless future'. People are generally OK with managing their passwords as long as they don't have to change devices often, or services don't enforce regular password changing, but these are situations that people do often face.
On Wednesday, one of the biggest and most influential OS and software vendors, Microsoft, helped us get one step closer to going passwordless. In a blog post Vasu Jakkal CVP of Security, Compliance and Identity at Microsoft announced that the passwordless future is here for your Microsoft account. In March 2021, Microsoft enabled this feature for commercial users, and has now it has rolled it out for all users – you can delete your Microsoft Account password today…
Jakkal goes into some detail about the problems with passwords, human nature, and hackers before providing a quick outline of how to go through a few clicks in your Microsoft Account settings to banish the use of passwords for many things Microsoft and/or Microsoft controlled. An important step to make before going any further is to download and setup the Microsoft Authenticator app. This app is available for Android or iOS, so of course you are going to need a modern smartphone. Once the app is on your device, verify your ID, and add your fingerprint, face ID, or PIN – to enable two-factor authentication (2FA).
Next, visit your Microsoft Account on the web, you need to sign in here (sorry, one last time), then you choose Advanced Security options. Under Additional Security Options, you’ll see a Passwordless Account toggle. Select Turn on. Follow the on-screen prompts and confirming the deed has been done, you will see the following notification on your smartphone Authenticator app:
From here on in, you will be able to log into your Microsoft accounts and services without any password. This covers "your favourite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more." It probably covers stuff like Skype, Microsoft Edge, and Windows too, but that isn't explicitly stated, sadly. Another Microsoft blog post goes into detail about using Microsoft Edge in a passwordless environment, and with the help of Microsoft Authenticator and Password Monitor, though.
If you have gone ahead and zapped your Microsoft Account password, but don't like some aspect of the new experience, don't worry, Microsoft says you can always add it back to your account. Microsoft's employee experience shows the passwordless move is popular, though, as "nearly 100 percent of our employees use passwordless options to log in to their corporate accounts".