- New Microsoft accounts will be "passwordless by default" and will instead set up a passkey.
- A passkey is a digital credential using a PIN code, facial recognition or fingerprint linked to a device.
- Existing Microsoft accounts are also encouraged to stop using passwords.
Microsoft is moving away from passwords as part of a push for better cybersecurity.
New Microsoft accounts, including Windows, Microsoft 365 and Xbox, will now never need to enroll for a password and instead can use a passkey.
A passkey is linked to a device such as a computer or smartphone and can come in the form of a PIN code, facial recognition or fingerprint for supported devices. Google has been promoting a similar system for several months.
Existing Microsoft accounts can delete their passwords and will now have a passkey as the preferred way to sign in.
"Although passwords have been around for centuries, we hope their reign over our online world is ending," Microsoft said.
More than 15 billion accounts online can now sign on with passkeys, according to industry cybersecurity group FIDO Alliance.
"But we need billions more to make every sign-in passwordless," Microsoft said.
A step forward for online safety
Microsoft's move is a good step towards better security for people online, cybersecurity experts said.
"I think this is an encouraging decision by Microsoft, long overdue," said Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4, in a statement.
Grimes said that his Microsoft account is regularly attacked by hackers and bots trying to guess his password and Microsoft doesn't do enough to warn users.
Still, emails that require passwords are necessary for signing up for Microsoft accounts so users need to stay vigilant, said Darren James, senior product manager at cybersecurity company Specops Software, in a statement.
"Passwords as we all know are still a key attack vector, but sadly we can’t just forget about passwords," James said. "So although Microsoft won’t need to worry about your passwords being stolen from them, you will still need to make sure that any recovery methods you put in place still have a strong, unbreached password, or even better a passphrase and hopefully with a 2nd factor of authentication that isn’t something you can lose."