Microsoft is making a big step towards a passwordless feature today by making passwords optional for personal MSA accounts. The company previously enabled passwordless sign in for commercial users earlier this year, and it’s now following up by allowing consumers to ditch their MSA account password in favor of more secure alternatives.
"Beginning today, you can now completely remove the password from your Microsoft consumer account. Use Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favorite apps and services, such as Outlook, OneDrive, FamilySafety, and more,” explained Vasu Jakkal, CVP of Microsoft Security.
The reason Microsoft believes going passwordless is the future is pretty simple: it’s not only impossible for humans to remember multiple complex passwords that need to be changed from time to time, and passwords can also be obtained by hackers by various means, including social engineering techniques. For an organization, a hacker managing to breach a single account could have really devastating consequences.
"We’ve heard great feedback from our enterprise customers who have been on the passwordless journey with us. In fact, Microsoft itself is a great test case — nearly 100% of our employees use passwordless options to log in to their corporate account,” explained Jakkal.
To go passwordless with your personal Microsoft account, you’ll first need to install the Microsoft Authenticator app on your iOS and Android device and sign in there with your account. Once you’re ready, you can visit account.microsoft.com, sign in, and choose Advanced Security Options. Under “Additional Security Options, there should be a “Passwordless Account” option, which you can turn on.
Microsoft says that this feature will be rolled out to consumer accounts over the coming weeks, so you may not be able to go passwordless immediately. Anyway, be assured that you can still re-add a password for your Microsoft account if you’re not ready yet to go fully passwordless.