United Kingdom

Microsoft: Users can now delete all passwords from their accounts and log in with other methods

Microsoft has announced that all users can now go 'passwordless' — logging in to their accounts using other methods like fingerprints or authenticator apps instead.

The move by the Redmond, Washington-based firm follows an initial rollout of the feature to Microsoft's business customers back in the March of this year. 

According to the firm, nearly all of their employees are already taking advantage themselves of the passwordless login features. 

The problem with passwords, they argued, is that they can be guessed or stolen — and, when elaborate enough to be secure are generally hard to remember. 

In contrast, they said, only the correct users can provide their fingerprint or respond using the authenticator app on their phone.

It is unclear, however, how safe one's account would be in the event that the phone containing the authenticator app was hacked, either remotely or after a theft.

MailOnline has approached Microsoft for comment on this issue.

The passwordless feature will not work with some older devices and platforms, however — including Xbox 360 consoles, Office 2010 and Windows 8.1 or earlier. 

Scroll down for video 

Microsoft has announced that all users can now go 'passwordless' — logging in to their accounts using other methods like fingerprints or authenticator apps (pictured) instead

HOW TO GO PASSWORDLESS 

Microsoft had the following instructions for users wishing to go passwordless themselves:

Source: Microsoft 

'Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks,' Microsoft's corporate vice president for Security, Compliance and Identity, Vasu Jakkal, wrote in a blog post.

'Yet for years they’ve been the most important layer of security for everything in our digital lives— from email to bank accounts, shopping carts to video games.

'We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either.

'For the past couple of years, we’ve been saying that the future is passwordless, and today I am excited to announce the next step in that vision. 

'Beginning today, you can now completely remove the password from your Microsoft account,' Mr Jakkal continued.

'Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favourite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more. 

'This feature will be rolled out over the coming weeks,' he concluded. 

According to Microsoft, users who go passwordless and then lose access to their authenticator app can resort to one of a number of backup login options.

These include facial recognition (where available), a physical security key or using SMS or email codes.

The latter, however, are two of the most common pathways by which cyber-criminals target individuals. Furthermore, users employing two-factor authentication will need to have access to two separate recovery methods to take control of their account.

The move by the Redmond, Washington-based firm follows an initial rollout of the feature to Microsoft's business customers back in the March of this year. Pictured: the Microsoft account settings page that allows users to set up a passwordless account

According to the firm, nearly all of their employees are already taking advantage themselves of the passwordless login features

The move is 'a bold step from Microsoft' University of Surrey security expert Alan Woodward — who is investigating passwordless authentication — told BBC News. 

'This isn't just logging into PCs, it's logging into online services as well,' he noted, referencing important online facilities like cloud storage.

However, the researcher noted, Microsoft's claims about the issues with poor password use are largely true. 

'The message has been pummelled home about what good password hygiene looks like - but it's easier said than done,' he said.

'Maybe the time is now right to start looking for something different,' he added — noting that one issue comes in how there are no standards for passwordlessness.

'There are a number of different ways this could be done — and it would be good if everybody moved on, really, and tried to find a way of doing this.' 

The problem with passwords, Microsoft have argued, is that they can be guessed or stolen — and, when elaborate enough to be secure are generally hard to remember

'This move from Microsoft is a sign of things to come for online security,' said CyberNews' lead cybersecurity researcher, Mantas Sasnauskas.

'The future of personal account logins will undoubtedly be passwordless, as more systems will rely on robust authentication procedures rather than requiring users to use passwords that are often not strong enough, or too complex to remember.

'We have known for some time that multi factor authentication is one of the strongest ways to protect an account, as access to multiple devices and biometric data is required for access.

'With this system in place, it becomes much harder for threat actors to compromise an account,' he added.

'More companies will be moving towards this, as Apple added features in iOS 15 to prepare for a similar moves towards more secure logins and to drop the use of passwords.'

CHOOSING A SECURE PASSWORD

According to internet security provider Norton, 'the shorter and less complex your password is, the quicker it can be for the program to come up with the correct combination of characters. 

The longer and more complex your password is, the less likely the attacker will use the brute force method, because of the lengthy amount of time it will take for the program to figure it out.

'Instead, they'll use a method called a dictionary attack, where the program will cycle through a predefined list of common words that are used in passwords.'

Here are some steps to follow when creating a new password:

DO:

DO NOT:

Football news:

Vinicius was racially abused during the match with Barca. La Liga will inform the prosecutor's office
Kristoffer Ayer: According to the level of Liverpool's attack, it seems as if they don't notice some of the opponent's players
In Barca, they are dissatisfied with the game of Pique, Alba and Busquets. Some players may be sold after Koeman's dismissal
Messi and Mbappe missed PSG training before the match with Lille
Merson on Sulscher: Anyone else would have been fired by now. He is as lucky as a coach can be
Ancelotti on Koeman's dismissal: It's part of our job. This has happened to me many times
Barcelona wants to get rid of Luc de Jong in the winter. They don't count on him after Koeman's dismissal