Microsoft accounts no longer need to have an associated password
Microsoft makes it possible to have a passwordless Microsoft account. Users who choose this can sign in using alternative methods such as the Microsoft Authenticator app, Windows Hello, a security key, or a verification code.
From Wednesday, Microsoft will make it possible to set up a Microsoft account without a password. For now, it only concerns personal accounts that will get the ‘account without password’ option sometime between now and the coming months. This will appear on both existing accounts that already had a password and when setting up a new account.
Users who want to remove the password from their account must install the Microsoft Authenticator app and associate it with their account. They can then enable or disable the option in the ‘Additional security options’ of their Microsoft account, under ‘Passwordless account’. Finally, they need to verify their account.
Microsoft does warn users that they “may lose access” to some old apps, services and devices. For example, it is not possible to sign in to an Xbox 360 with a passwordless Microsoft account, or to an Office program from 2010 or older or Windows 8.1, Windows 7 or earlier versions.
Microsoft recommends that Xbox 360 or Office 2010 users use an app password. This is an automatically generated password that a user can request from the security options on their account. After one time, the password will expire and a new one must be requested. Microsoft reports that it is always possible to disable ‘Account without password’ again.
Login options include Microsoft Authenticator and Windows Hello, where you do not need a password, but, for example, a PIN or fingerprint. According to Microsoft, such methods are less easy to crack than a password. In addition, passwords are often part of data leaks, which would not happen quickly with a PIN code, for example. Also, users would find passwords annoying. According to a survey requested by Microsoft, a third of people would rather stop using their account completely than reset a password. The company says 85 percent of users log in without a password.
Microsoft further reports that it will soon begin work required to remove passwords from Azure Active Directory accounts. Administrators are then given the option to set whether or not certain users are given that option. The company has been working for some time to be able to remove passwords as a login method for its software and services. Since 2019, a password is already not required for Windows 10.