Microsoft will now let its users log in without passwords
Rishi Iyengar, CNN Business
(CNN) — Microsoft has a solution for the familiar problem of needing to remember too many passwords: doing away with them altogether.
The company announced Wednesday that it will introduce a “passwordless account” option for all users of several popular services such as Microsoft Outlook and Microsoft OneDrive in the coming weeks. Microsoft previously made this option available to corporate accounts in March.
“You can now completely remove the password from your Microsoft account,” Vasu Jakkal, the company’s corporate vice president of security, compliance and identity, wrote in a blog post Wednesday.
Instead of passwords, Microsoft will let users sign in to these services either with the company’s Authenticator app, which produces a unique numbered login code every few seconds, or with Windows Hello, which lets users sign in using facial recognition, a fingerprint or a unique PIN. Microsoft users can also buy an external security key, like a USB drive with login information stored on it, or register a phone number to which Microsoft sends a verification code.
The change from Microsoft comes after a spike in cyberattacks over the past year. With the majority of corporate employees working from home because of the coronavirus pandemic, hackers have many more avenues to infiltrate a company’s systems — and compromising passwords is one of their most common strategies. (Microsoft has also had its share of security issues in recent months, with its services linked to multiple high-profile hacks and breaches.)
Passwords can often end up for sale on the dark web, where they are bought and used to hack even more services. Hackers have even gone after password managers that aim to make login data more secure, with popular service LastPass hacked in 2015.
According to Microsoft, 579 password attacks take place every second, adding up to 18 billion attacks a year. And cybersecurity experts have said the weakest link is human behavior — our tendency to re-use the same password across accounts so it’s easy to remember, or create patterns for different passwords that are easy for hackers to guess.
“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts,” Jakkal said.
Microsoft appears to be leading by example in its effort to pioneer a passwordless future. According to Jakkal, almost all of the company’s own employees now log in to their corporate accounts without passwords.
Other companies such as Google and Apple also offer password alternatives — sending a notification on another device to verify your identity, for example — but those solutions haven’t completely replaced the need to type out a password just yet.