You no longer need a password to log in to your Microsoft account.
Passwords can be one of the weakest links in online security, and Microsoft has now ditched them altogether. Next time you log in to your Microsoft account, you can choose an alternate login method instead. We’ve used passwords for so long that it seems impossible to move on.
After all, how do you log in if you can’t type a passcode? And are biometric methods like fingerprint readers just fancy ways of authenticating yourself, so the computer can then supply a password?
“Passwords are an outdated form of authentication, with bad user experience, weak security, and added help desk burden all rolled into one,” Tim Callan, chief compliance officer at Sectigo, told Lifewire via email. Don’t hold back, Tim—tell us what you really think.
The purpose of a password is to prove that you are who you say you are. It’s a (preferably) unique string of characters that only you know. The problem is that passwords can be stolen or guessed. People tend to use weak passwords so they can remember them.
The answer is to use a password manager app, which generates long strings of mixed letters, symbols, and digits and remembers them for you. The user only needs to remember one password—the one that unlocks the app—so it can be a good one. These apps also discourage password reuse, which is another no-no.
“We can’t memorize strong passwords and tend to re-use them,” password security advocate “Password Professor” told Lifewire via email. “Re-using passwords is one of the worst things you can do. When a website gets hacked, and its passwords end up on the Dark Web, criminals use them to log into your other accounts.”
You’ve probably already used a password alternative. Your phone may let you unlock its built-in password-storage keychain with a fingerprint, for example. Other examples are SMS and email verification codes and two-factor authentication (2FA), which uses an app to generate one-time codes. Often, these are used in conjunction with a password.
The one-time passwords (OTP) are preferable because they use a different, freshly-generated code each time you log in, and the code expires after a short time—typically 30 seconds.
There are still advantages to passwords. For one, you cannot be legally forced to give them up, and even if you could, you may conveniently forget them.
“[Our legal team] discovered that, in the US, a person is entitled to refuse to give up their passcode to the police. This is based on the Fifth Amendment, which states that each person has the right against self-incrimination,” NordPass’s Patricia Cerniauskaite told Lifewire via email.
“Even if the police have a warrant, they can’t compel the person to reveal their password.”
That counts for your online accounts, but also for the passcode you use to unlock your phone. But when it comes to fingerprints and face scans, everything changes.
“Things are different when it comes to biometric data,” says Cerniauskaite. “While passcodes are considered as a testimonial, biometrics exist objectively and are comparable to giving a DNA or blood sample. So, if the police have a warrant, they can use a person’s biological data to unlock their phone.”
Somewhat counterintuitively, biometrics are a particularly bad way to authenticate yourself. They may be unique to you, but you are stuck with them. If your password or credit card details are stolen, you can change them. If your biometrics are compromised, then you cannot.
Passwords are a pain, but the alternatives aren’t much better. They may be more or less secure, but none of these methods is particularly convenient. Password managers make it easy to wrangle not only passwords, but OTP and even physical security keys, and using a combination of these is probably your best bet.
Microsoft’s effort is still laudable. After all, removing passwords is probably removing the most prominent security hole in Microsoft accounts and pushing people towards at least trying the alternatives. One of the most significant barriers to password alternatives is momentum. We’re just so used to them. If nothing else, Microsoft is giving us a taste of the future.