Microsoft just enabled password-free logins for all users — how to set it up

1. Home
2. News
3. Security

Microsoft just enabled countersign-complimentary logins for all users — how to set it up

(Image credit: Tada Images/Shutterstock)

After years of promising to impale the countersign, Microsoft is finally delivering.

You'll now be able to completely abolish the countersign for your personal Microsoft account (schoolhouse and piece of work accounts won't piece of work) every bit long as you are running a recent version of Windows 10 or 11 and have at least two other verification factors.

• Every Mac tin be hacked by this new flaw, and at that place's no ready yet
• The all-time password managers to protect all your accounts
• Plus: How to sentry Foundation online for free

These include the Microsoft Authenticator smartphone app, which is required. The others can exist a Windows Hi biometric credential (i.e. your face or a fingerprint), a hardware security key, or a quondam passcode sent to you lot via text message or electronic mail.

Passwordless login for your Microsoft business relationship should work with near of the Microsoft universe, including Border, Office365, OneDrive, Outlook.com, Skype, Teams and Xbox Live.

However, information technology won't piece of work on older devices and operating systems, including Windows 7, Windows 8.i or fifty-fifty Windows 10 upwardly to version 1809; Office 2010, or Function 2011 for Mac; Xbox 360; Windows Telephone 8; and the Remote Desktop protocol. For some of these, you'll be able to set up Microsoft device-specific app passwords.

Why Microsoft is making this change

"Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts," wrote Vasu Jakkal, Microsoft'due south corporate vice-president of security, in a company blog mail yesterday (Sept. 15). "At that place are a whopping 579 password attacks every second — that's 18 billion every year."

More than 17 years after Nib Gates famously predicted the decease of the password, Microsoft has given up trying to get people to create and utilize stiff, unique passwords, Jakkal explained.

"Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives," he said. "Nearly a third of people say they completely cease using an business relationship or service rather than dealing with a lost password."

(Tom'due south Guide disagrees: Strong, unique passwords aren't hard to handle as long as you lot're using one of the best countersign managers, some of which are gratuitous. Nosotros'll take upward this consequence with Microsoft privately.)

How to set upward Microsoft passwordless logins

Microsoft rolled out passwordless logins to its enterprise customers back in March, and now it'southward available to consumers as well. Here's how to set it up.

1. Install the Microsoft Authenticator app for iOS or Android on your smarthphone.

ii. Log into or create a Microsoft account at https://business relationship.microsoft.com/.

3. Click Security in the top navigation bar on your Microsoft account dashboard page.

4. Click Advanced Security Options on the following folio.

5. Click Turn On in the Passwordless Account box halfway downwardly the following page, nether the heading Additional Security.

6. Click Side by side in the dialogue box that pops up.

vii. Follow the prompts.

eight. Approve the confirmation asking sent to the Microsoft Authenticator app on your phone.

Should you get rid of your Microsoft password?

Yous tin already avoid typing your Microsoft password without ditching it altogether. Most Windows ten PCs permit you log in with a device-specific Pin instead of the Microsoft password. If you have the Microsoft Authenticator app, then when you log into your Microsoft business relationship online, you lot're asked to match verification codes instead of using your password.

Nosotros're also not sure what happens if you kill your Microsoft countersign and and then lose access to your Authenticator app if your phone dies or y'all lose it.

Microsoft's support page for passwordless logins states that "you can nonetheless access your Microsoft Business relationship using an alternate recovery method like text message or a fill-in electronic mail address," but the offset requires a working phone and the second, easy access to a PC.

Plus, says the support page, "if you have Ii Step Verification turned on, you will need to take access to 2 recovery methods," which might be difficult to come by in certain situations.

So we're not near to surrender our Microsoft business relationship countersign. Jakkal is right that whatsoever password is vulnerable to phishing attacks (unless you utilize a hardware security key for two-factor authentication), but we're not yet totally comfortable going without ane.

• More: Windows xi TPM 2.0 requirement all of a sudden leaves virtual machines users locked out

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He'due south been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwardly in random TV news spots and even moderated a panel discussion at the CEDIA habitation-technology briefing. You lot tin follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/microsoft-passwordless-logins

Posted by: murphycalat1937.blogspot.com

Share this post