Microsoft to remove passwords forever

Users will be asked to provide their fingerprints or other security features

Microsoft is now working on creating a passwordless world, where users will be more secure and feel safer. The company has announced that all users will be able to remove all the passwords from their Microsoft accounts and, instead, apply a special mobile authentication application or other security features.

The passwordless sign-in option is nothing new for Microsoft since it is available for enterprise customers who use Azure Active Directory (AAD). However, the company is now making a great step forward by providing this feature to consumers with Microsoft accounts on Windows 10 and Windows 11.

According to Microsoft, almost 100% of its employees already use the new passwordless and safer system.

The problem with passwords

“We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either. In a recent Microsoft Twitter poll, one in five people reported they would rather accidentally “reply all”—which can be monumentally embarrassing—than reset a password” said Vasu Jakkal, Microsoft corporate vice president of the Microsoft Security, Compliance, Identity, and Management division. “For the past couple of years, we’ve been saying that the future is passwordless, and today I am excited to announce the next step in that vision. In March 2021, we announced that passwordless sign-in was generally available for commercial users, bringing the feature to enterprise organizations around the world” she added.

In Microsoft’s passwordless world the users will be asked to provide the fingerprint as proof of authentication or use some other security feature to a mobile application and as the company pointed out these processes are way more secure than passwords, that malicious third parties can guess or steal.

As Vasu Jakkal underlined, “weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second—that’s 18 billion every year”. She even explained that this is attributed to two factors: that users choose predictable passwords and that hackers have the means to break them.

Users have the opportunity to try the new passwordless era immediately just by using Microsoft Authenticator, and if they decide they prefer using passwords, they can always add them back to their accounts. The company, however, urges its users to “give passwordless a try” and as it emphasizes, they will not want to return to using passwords again.

Users are vulnerable

According to recent studies, 1% of users secure critical accounts by using easily guessed passwords. This makes hackers’ lives easier since they need only a “guess” to hack an account and start penetrating an organization or user’s bank account. It is enough to consider that most common passwords from 2011, such as 123456, abc123, and iloveyou, are still on the list of top 20 worst passwords, to realize how predictable users are and how easy it is for an intruder to enter their account.

To reduce the chance of hacker intrusion, tech companies have introduced two-step verification. The process of verifying users’ identity with a password plus an additional factor is true that has significantly improved the security of users’ accounts. However, hackers have also improved their skills and are already starting to bypass the second step of verification.

Microsoft estimates that in a passwordless world, users will be more protected and it will become very difficult for hackers to steal personal data and access users’ accounts. It remains to be seen whether the company’s assessment is correct or whether hackers will be able to find another way to easily penetrate users’ accounts.

George Mavridis is a freelance journalist and writer based in Greece. His work primarily covers tech, innovation, social media, digital communication, and politics. He graduated from the Aristotle University of Thessaloniki with a BA in Journalism and Mass Communication. Also, he holds an MA in Media and Communication Studies from the Malmö University of Sweden and an MA in Digital Humanities from the Linnaeus University of Sweden.