
Microsoft Accounts to Allow Signing In Without a Password
Microsoft has introduced a new passwordless mechanism that lets users access their accounts through Microsoft Authenticator, Windows Hello, a security key, or a verification code sent over email or SMS.
The change is expected to be incorporated in a few weeks. Microsoft’s corporate vice president for Security, Compliance, and Identity, Vasu Jakkal, pointed out that users largely create their own passwords, except in cases where these are auto-generated, and then they are impossible to remember. She added that the vulnerability of passwords has led to complexity requirements, which include symbols, numbers, case sensitivity, and forbidding previous passwords.
Jakkal further pointed out that passwords are difficult to create, remember, and handle across all accounts.
In recent years, weak passwords have served as the entry point for a number of attacks, to the extent that the Windows maker claimed there are around 579 password attacks every second, which amounts to 18 billion every year.
The situation has worsened because passwords need to be both secure and easy to remember. This results in users reusing the same password across different accounts, or relying on passwords that are easy to guess and remember, leading to brute-force password spraying attacks.
Jakkal also noted that 15% of users keep their pets’ names as passwords or utilize family names and important dates, including birthdays.
The idea is to make it difficult for threat actors to gain access to an account by relying on multiple factors, such as the holder’s phone and biometrics, for identification.
The new feature is designed to let customers sign in to Microsoft services, including Microsoft 365, Teams, Outlook, OneDrive, and Family Safety. This can be done after linking their accounts to an authenticator app like Microsoft Authenticator and turning on the Passwordless Account setting under Advanced Security Options > Additional Security Options.