Microsoft Introduces Passwordless Default for New Accounts

Creator: Microsoft

Microsoft Makes Passwordless Sign-Ins the Default for New Accounts

In a groundbreaking move, Microsoft has announced that all new accounts will now be passwordless by default. Instead of relying on traditional passwords, users will authenticate using more secure methods such as passkeys, push notifications, and physical security keys. This decision marks a significant step in the company’s ongoing efforts to eliminate passwords altogether, a goal it has been working towards for years.

What Does Passwordless Mean?

Passwordless authentication replaces traditional alphanumeric passwords with more secure and user-friendly options. These include biometric methods such as facial recognition and fingerprint scanning, as well as PINs and hardware-based security keys. Microsoft has emphasized that these methods not only enhance security but also improve the user experience by making sign-ins faster and more reliable.

Redesigned Sign-In Experience

To support this transition, Microsoft has revamped its sign-in interface. The new design prioritizes passwordless options, making them the default choice for users. According to the company, this simplified user experience (UX) aims to encourage more users to adopt passkeys and other secure methods. Microsoft stated, “Brand new Microsoft accounts will now be ‘passwordless by default.’ New users will have several passwordless options for signing into their account and they’ll never need to enroll a password.”

Existing Users Can Opt for Passwordless

While the new policy applies to newly created accounts, existing Microsoft account holders can also transition to passwordless authentication. Users can remove their passwords through account settings and switch to passkeys or other secure methods. This flexibility allows users to adopt the new system at their own pace while still benefiting from enhanced security.

Why Is Microsoft Moving Away from Passwords?

Passwords have long been a weak link in cybersecurity. They are often reused across multiple accounts, making them vulnerable to breaches and phishing attacks. According to Microsoft, the company blocks 7,000 password-related attacks per second, a figure that has nearly doubled in recent years. Additionally, adversary-in-the-middle phishing attacks have increased by 146% year over year.

Passkeys, on the other hand, are resistant to such attacks. They eliminate the risks associated with forgotten passwords, one-time codes, and phishing scams. Microsoft reports that passkey users experience a 98% sign-in success rate, compared to just 32% for those using traditional passwords.

Global Rollout and Adoption

Microsoft has already begun rolling out passwordless sign-ins across its consumer applications, including Xbox, Microsoft 365, and Windows. The company plans to expand this feature to its business applications in the future, ensuring that the system is thoroughly tested and secure before wider implementation.

The adoption of passkeys has been promising. Microsoft notes that nearly one million passkeys are registered daily, and the initial launch of the redesigned sign-in experience resulted in a 10% drop in password use and a 987% increase in passkey adoption.

Challenges and Future Goals

Despite the benefits, transitioning to a passwordless future is not without challenges. Microsoft has acknowledged that some users may be hesitant to adopt new authentication methods. To address this, the company has conducted extensive user studies and experiments to refine its approach. For example, proactive nudges at key moments, such as account creation or password resets, have proven effective in encouraging users to enroll in passkeys.

Looking ahead, Microsoft’s ultimate goal is to completely eliminate passwords from its ecosystem. This means creating accounts that only support phishing-resistant credentials, ensuring maximum security for users.

Conclusion

Microsoft’s decision to make passwordless sign-ins the default for new accounts represents a significant milestone in the evolution of digital security. By prioritizing secure and user-friendly authentication methods, the company is not only enhancing the safety of its platform but also setting a new standard for the tech industry. As adoption rates continue to grow, passwords may soon become a thing of the past.

Source: Microsoft Blog, Microsoft Entra Blog
