Passwordless logins expand to all Microsoft accounts

In November 2018, Microsoft announced that it would do away with passwords for Microsoft account sign-ins on Edge by offering alternatives including biometric authentication, FIDO-2 compatible keys, and the Microsoft Authenticator app. The same sign-in experience later came to school accounts in Azure Active Directory as well as enterprise customers. And now, starting today, Microsoft says it’s expanding support for passwordless login to Microsoft accounts for apps and services including Outlook, OneDrive, and FamilySafety.

Citing the results of a YouGov survey it commissioned, Microsoft says that passwords make users an easy target while wasting time and presenting barriers to app usage. Thirty percent of people have stopped using an account or service altogether rather than deal with a password reset, the survey found. And 28% of users write their passwords down, making them more susceptible to being hacked.

Beginning today, consumer account holders can use the Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email to sign into a range of Microsoft services. Following the launch in March of passwordless sign-in for enterprise users, Microsoft CVP of identity and management Vasu Jakkal says that it’ll roll out globally over the coming weeks.

“We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that … [That’s why] for the past couple of years we’ve been saying that the future is passwordless,” Jakkal wrote in a blog post. “Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year.”

Passwordless logins

To enable passwordless login, users first have to install the Authenticator app and link it to their personal Microsoft accounts. Then, they have to visit account.microsoft.com, sign in, and turn on the Passwordless Account setting under the Advanced Security Options menu. After following the on-screen prompts and approving the notification from Authenticator, they’ll be able to use passwordless login.

“Current Microsoft apps and services and recent versions will work with a passwordless account. Some older versions of apps and services are not supported yet and still require a password,” a Microsoft spokesperson told VentureBeat via email. The apps and services that aren’t supported yet and still require a password include:

• Xbox 360 or earlier
• Office 2010 or earlier
• Office for Mac 2011 or earlier
• Products and services that use IMAP and POP email services
• Windows 7, Windows 8.1, Windows 10 1809 or earlier.
• Some Windows features including Remote Desktop and Credential Manager
• Some command line and task scheduler services

Tech giants broadly are adopting passwordless login technologies as data breaches reach an all-time high. Apple announced last year that it’ll allow users to sign into websites on Safari using Face ID and Touch ID, and in June, the company unveiled a protocol called Passkeys that lets users sign up for services without opting for passwords. For its part, Google, which in August 2019 began allowing Android users to verify their identities using a fingerprint or screen lock on supported websites, this spring began automatically enrolling account holders in two-factor authentication.