Microsoft announced the general availability of a new passwordless account feature for personal Microsoft accounts today. The feature is being rolled out to all personal Microsoft account customers over the course of the coming months.
Microsoft accounts, just like most user accounts on the Internet and locally, require a password for protection. Customers may improve security by enabling two-step verification using Microsoft’s Authenticator application or other means.
From today on, customers may enable the passwordless account feature to sign in to the account, e.g. on Windows devices or Microsoft websites, without having to supply the account password.
The account password is removed from the account, and users need to use other sign-in options such as Microsoft’s Authenticator application, Windows Hello, physical security keys, or as a last resort SMS/Email codes.
One of the requirements is that users need to have set up the Microsoft Authenticator application on at least one of their devices and linked it to the Microsoft Account. The application may be in use already as part of the two-step verification process.
Note: some older applications and services don’t support passwordless access. These can no longer be signed in to if the account is set up to be passwordless.
Microsoft lists the following as unsupported: Xbox 360, Office 2010 or earlier, Office for Mac 2011 or earlier, products and services which use IMAP or POP3 email services, Windows 8.1, Windows 7, “some Windows features” including Remote Desktop and Credential Manager, and “some” command line and task scheduler services.
Microsoft Passwordless account
With that out of the way, the passwordless account feature can be enabled in the following way:
- Open the Microsoft account website and sign in to the account that you want to make passwordless.
- Scroll down to Additional security.
- Select the Turn on link under Passwordless account.
The page displays information about the feature.
A passwordless account reduces the risk of phishing and password attacks.
To start setup, select Next, then approve the request from the Microsoft Authenticator app on your phone to remove your password.
Once you remove your password, you may lose access to some older apps, services, and devices
Select the Next button to proceed on the page. You are asked to verify the password removal in the authenticator application. Once done, you will get a “password removed” confirmation page.
You won’t be asked for the account password anymore when you sign in. Instead, you are asked to verify the sign-in using the Authenticator application. The process is quick, but it requires that you have the Microsoft Authenticator application at hand to sign in.
Customers who don’t have access to the Microsoft Authenticator application may still sign in to their account using alternate recovery methods (such as backup email addresses or text messages). It is important to set these up before enabling the passwordless account feature. Setup options are provided on the same page where the passwordless account is turned on or off.
Passwords can be added back to the account by repeating the steps described above. Activate the “turn off” option under passwordless account, follow the instructions and specify a new password for the account.
Enterprise and Education administrators may check out instructions on enabling passwordless sign-ins here.