Forgot your password? Don’t worry about it. Microsoft has confirmed that users can now forgo passwords entirely when signing-in to Windows and Microsoft accounts. Instead of remembering a random jumble of letters or, let’s be honest, a loved one’s birthday or pet’s name to login to your laptop… you’ll be able to rely on Microsoft Authenticator, Windows Hello facial recognition, or an SMS verification code.
Microsoft has promised to make passwords extinct for years, however, the Redmond-based company’s work has been accelerated by the pandemic. Earlier this year, it allowed commercial users to begin to use password-less login when working from home.
Speaking about the decision to roll-out that feature, Vasu Jakkal, corporate vice president of Microsoft security, compliance and identity, told gadget blog The Verge: “When you have digital transformation and businesses having to go remote overnight …the number of digital surfaces has increased exponentially. The number of attack surfaces has increased exponentially, so that was a big driving factor for us in accelerating a lot of our security initiatives.”
And now, that capability is rolling out to everyone.
To enable the feature, you’ll need to visit the Microsoft account webpage. From there, head to the Security tab, then pick Advanced Security Options, and then enable Passwordless Account to remove the need to use a password. With the password gone, you’ll need to verify your identity with the Microsoft Authenticator app, Windows Hello facial recognition, or an email or SMS verification code.
The latter works in a similar way to two-factor authentication. Microsoft will send a unique code to your email address or mobile phone number. The idea is that only you will have access to your inbox or mobile phone, since these accounts and devices are locked behind passwords or facial recognition systems too.
With one less password to memorise, hopefully it means users can use more complicated and unique passwords for the remaining accounts that require them. When users re-use the same password for every account, hackers only need to gain access to data from a single website… and that login will unlock dozens of other websites and accounts, including pivotal services like email and banking.
Microsoft Authenticator, which is available on iOS and Android, checks your identity too, if you don’t fancy copy-pasting codes from a text message or email. You’ll need to download the app and link it to your Microsoft account, then you’ll only need to approve the changes and you can wave goodbye to passwords.
Of course, it’s possible to reverse the process and start using a password with your Microsoft account again in the future if it’s not for you.
And if you want an easy way to ensure every single one of your online accounts is protected with a unique, uncrackable password, it’s worth looking at a password manager.
These applications sync across your gadgets and fill-in the login fields for you automatically. All you need to remember is one really strong password to unlock your password vault… and then the password manager does everything else.
One such option is LastPass. This password manager, which is available to test for free, automatically checks your password and email addresses against known breaches.
So, if one of your emails or passwords has been hacked – you’ll know about it immediately and can change the password to another unique, random jumble of letters, symbols, and numbers. And since all of your other passwords are uniquely generated by the app too, it should hopefully be the only breach.