Starting today, Microsoft is offering users the option to remove passwords from their Microsoft accounts, as long as you are not using certain features or apps on a regular basis.
“Over the past two years, we have said that the future is password-less, and today I am delighted to announce the next step in this vision,” writes Vasu Jakkal, vice president of security, compliance and identity for Microsoft. “As of today, you can now completely remove your Microsoft account password. Use the Microsoft Authenticator app, Windows Hello, a security key or verification code sent to your phone or email to sign in to your favorite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, etc.”
The rest of the article focuses on Microsoft’s sales pitch for getting rid of passwords. Passwords are boring, that’s for sure. Many people are not good at them, as evidenced by the fact that passwords like “password123” and “abcdefg” still frequently appear on leaked lists (unless password policies prevent it). Tell people to add numbers and special characters, and you can bet “p4ssw0rd! 23” will appear on the list.
Microsoft is not wrong in pointing out flaws and shortcomings in existing password systems, but there are a few caveats to its plans as well. There are some practical restrictions on who can use this ability. Microsoft says that you must continue to use a password if you use any of the following services:
- Xbox 360
- Office 2010 or earlier
- Office for Mac 2011 or earlier
- Products and services using IMAP and POP messaging services
- Windows 8.1, Windows 7 or earlier
- Some Windows features, including Remote Desktop and Credential Manager
- Some command line and task scheduler services.
Microsoft notes that losing access to the Microsoft Authenticator will still allow you to access your Microsoft account, provided you have set up an account recovery method (this account is, presumably, still password protected). If you have enabled two-step verification, the company adds, you will need to set two recovery methods.
Some of the secondary authentication methods supported by Microsoft, such as SMS and email, are either subject to security vulnerabilities in themselves or may still depend on the security of your email password. It's also true that facial recognition systems like Windows Hello have been bypassed in the past, most recently a few months ago. The amount of work required to cheat biometric authentication systems has generally increased in recent years, making them somewhat better options than in the past. But such systems are not foolproof either.
Even so, Microsoft is probably right that such methods are, at least, attacked far less than passwords themselves.
Readers concerned with moving away from passwords from a civil liberties perspective should be aware that biometric authentication is not necessarily protected in the same way as passwords. A password is unambiguously “something you know,” and as such, you can assert a 5th Amendment right against personal self-incrimination if you are asked to provide one. Biometric data such as your face and fingerprints are considered “something you are,” and decisions on whether it can be collected without consent have gone in opposite directions without the Supreme Court ruling on the matter. Password cracking and identity theft are more likely to be practical problems for the vast majority of readers, but if you are concerned about legal issues, biometrics are not as secure as passwords.
Whether this is of great practical value in an era when law enforcement also has access to cracking software from various security companies is another question. Microsoft’s FAQ has more details on the topic for those who want more information.