Now that Microsoft lets you ditch your passwords for Outlook.com, Xbox Live and other online accounts, you might want to consider taking the jump. Dumping your logins can improve security and convenience.
Ditching your password can improve security, if only because it means you don’t have to rely on your memory to get into your accounts. We all have too many passwords to remember and that means we often end up recycling them on multiple sites. You know what that means: One data breach can lead to several of your accounts getting cracked open. (You can use a password manager to minimize the chore, but they can be hard to use.)
Passwordless login also means that if a website is breached, there’s no password for a hacker to steal. Passwordless logins can thwart phishing attacks, which use counterfeit websites to try to steal login credentials, too.
Microsoft’s post-password push arrives in the middle of a major modernization attempt. The company will roll out new Surface products on Wednesday. Next month, Microsoft will release Windows 11 and Office 2021.
A constellation of improvements makes passwordless login possible: biometrics, such as fingerprint and face ID; increasing use of authenticator apps by Microsoft, Google, Okta and others; and a core enabling standard called FIDO, Fast Identity Online, that’s supported by all browsers and operating systems. Among FIDO’s abilities is enabling the most secure login lockdown option, hardware security keys.
Microsoft is one of the biggest proponents of login reform, which is why 200 million of us so far have enabled passwordless login. Now, it’s nudging us to take the next step by removing the password, too. That might seem extreme, but there’s a good chance you’ll see more passwordless options as the technology spreads.
“Collectively, the learnings from these earlier adopters will help establish best practices for other companies that are looking to follow suit,” said Andrew Shikiar, executive director of the FIDO Alliance. “Virtually every top bank and service provider that I’ve spoken to absolutely has FIDO on their roadmap and is working through the technical and user experience considerations needed to successfully protect their customers as well.”
Here’s how to dump your Microsoft password:
Install and set up Microsoft Authenticator on your phone. The app works on Android-powered smartphones and iPhones. Once it’s installed, launch it and link it to your Microsoft online account:
Open your Microsoft account settings page in a browser (https://account.microsoft.com/) and log in there, too. Open the “Security” section:
Open the “Advanced security options” section:
Scroll down to the “Additional security” section and select “Turn on” for “Passwordless account.” You can also dig into the “Learn more if it is right for you” if you’re concerned about the repercussions.
You’ll get a prompt to set up passwordless access, then an approval request in the Microsoft Authenticator app on your phone:
And that’s it. Your password is gone:
If you want it back, you can re-enable it through the same “Advanced security options” process: