Microsoft is making a new push towards eliminating password-based authentication for its users, by prioritizing passwordless sign-in and sign-up methods.
For the past decade, Microsoft users have had the option to sign-in with their face, fingerprint, or a PIN, through Windows Hello, and over 99% of them sign into their Windows devices this way now, the tech giant says.
To enable users to sign into any account without a password, the industry came up with passkeys, which provide a phishing-resistant authentication method that can be used on any supporting application or website.
While more and more users rely on passwordless methods of authentication, threat actors are increasingly targeting accounts still protected by passwords in brute-force and phishing attacks. Last year, Microsoft recorded over 7,000 password attacks per second.
“As passkeys become the new standard, expect increased pressure from cyberattackers on any accounts still protected by passwords or other phishable sign-in methods,” the company says.
Following the introduction of passkey support for accounts on Microsoft services such as Xbox and Copilot, the tech giant is now making it easier for users to sign-in using passwordless methods.
A simplified sign-in and sign-up user experience now streamlines and prioritizes passwordless authentication, while new Microsoft accounts now provide users with several passwordless options, eliminating the need to enroll a password.
Existing Microsoft users, the company says, can now delete their passwords from the account’s settings.
Focusing on prioritizing safer sign-in options, Microsoft is now automatically detecting the best authentication method for users, and setting it as default.
“For example, if you have a password and ‘one time code’ set up on your account, we’ll prompt you to sign in with your one time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey,” Microsoft explains.
These changes, the company says, not only result in a faster sign-in experience, but also reduce the use of passwords.
“As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether,” the tech giant notes.
Related: Microsoft 365 Targeted in New Phishing, Account Takeover Attacks
Related: Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users
Related: Google Now Syncing Passkeys Across Desktop, Android Devices
Related: Passkeys Support Added to Google Accounts for Passwordless Sign-Ins