
World Passkey Day and Microsoft’s Move Towards Passwordless Authentication
On May 1st, the tech world celebrated World Passkey Day, an initiative led by the FIDO Alliance, dedicated to advancing standards for passwordless authentication. In line with this initiative, Microsoft announced a significant development: new Microsoft Accounts will now be created passwordless by default, marking a substantial shift in how users can access their accounts.
Transitioning from Traditional Passwords
For years, Microsoft has been advocating for a move away from conventional passwords. The launch of Windows Hello alongside Windows 10 nearly a decade ago introduced biometric options for users to log in using facial recognition, fingerprints, or a PIN. Moreover, Microsoft integrated passkey support via Web Authentication (WebAuthn) in its Edge browser, complementing the rollout of comprehensive guides for utilizing passkeys on Windows 11.
Understanding the Security Rationale
The main reason behind this paradigm shift towards passwordless authentication is security. As acknowledged by Microsoft, passwords have long represented a significant vulnerability, susceptible to phishing schemes and credential stuffing attacks. In fact, recent statistics reveal that a staggering 7,000 password attacks occur every second, a figure that has more than doubled since 2023. In contrast, passkeys leverage cryptography linked to devices or unique user identities, offering an alternative that is much more resistant to exploitation.
How the New Account Setup Works
When users create a new Microsoft Account, they will no longer encounter a traditional password requirement. Instead, during the account setup, they can select passwordless authentication methods such as utilizing Windows Hello on a compatible device or using the Microsoft Authenticator app on their smartphones. Microsoft emphasizes this transition with the following statement:
As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be “passwordless by default.” New users will have several passwordless options for signing into their account and they’ll never need to enroll a password.
Encouraging Existing Users Towards Passwordless Solutions
Furthermore, once users log in, they will receive prompts encouraging them to set up a passkey if they haven’t done so already, fostering a gradual transition away from password reliance. Early results from these efforts indicate a 20% reduction in password usage among participating users, and users who sign in with passkeys see quicker and more successful logins than with traditional passwords and multi-factor authentication systems.
Microsoft’s commitment to this passwordless future not only promises enhanced user security but also a streamlined and efficient account management experience.