Big tech really wants you to ditch your password.
Back in 2019, I spoke with a Google product manager about the problem with passwords. He urged people to ditch passwords in favour of better authentication methods, noting that alternate systems are âprobably your safest bet.â Fast forward to now, and it seems Microsoft is also on board with dropping passwords.
In an announcement post, Microsoft unveiled that itâs adding a new option to remove the password from your Microsoft account. People who do so can use other methods to sign in, such as Microsoftâs Authenticator app, Windows Hello, a security key or a verified code sent to your phone or email.
However, itâs worth noting that you could effectively avoid using your Microsoft Account password before now â you just couldnât remove it entirely. I havenât ditched my password, but I also havenât typed it in years. Instead, whenever I need to sign in to my Microsoft Account, I use the Authenticator app. I grab my phone, authenticate myself, and Iâm logged in and ready to go. Itâs fast, simple and convenient.
Of course, not everyone is on board with ditching passwords just yet. Some things still require a password, and some people feel more secure having one. Microsoft also detailed some of the reasons why passwords arenât that secure â most of it echoes other things Iâve written about passwords, including that Google story mentioned up top.
Passwords arenât secure because people suck at making them
First, thereâs the human nature side of it. Most people still create their own passwords, and to remember those passwords, most people also use the same (or very similar versions of the same) password across several sites and services. Moreover, people often pick passwords that are easy for them to remember. The problem, however, is if a hacker guesses your password for one site or breaches the security of and steals passwords for a site, thereâs a good chance that they will be able to use that password to log into other websites.
Hackers have plenty of other ways to get passwords too. Phishing attacks, for example, seek to trick people into giving up their log-in information. One way to do this is to create a fake login page for an app like Netflix, then send people an email saying something like, âThereâs an issue with your billing info, sign in to fix it.â If the email looks real enough, people will click through the link to the website, type in their password, and inadvertently give up their log-in.
If youâre interested in going passwordless with your Microsoft Account, you can do so by heading to âaccount.microsoft.com,â signing in and clicking âAdvanced Security Options.â Under âAdditional Security,â look for âPasswordless Accountâ and select the option to turn it on. If the option isnât there, you may need to wait a bit as Microsoft continues the rollout over the next few weeks. And, you can always switch back if you donât like it. You can learn more about passwordless Microsoft Accounts here.
If you still need a password, get a password manager to boost your security
Of course, if youâre concerned about your other online accounts and they donât offer passwordless options like Microsoft, there are other steps you can take to improve security. For example, using a password manager to create long, unique, impossible-to-guess passwords for each website can go a long way to improving your online security. You can learn more about some password managers at the links below:
Other options that can help include two-factor authentication (2FA). Itâs not a perfect system, but adding another layer of security can help keep your accounts secure even if someone gets your password.
Source: Microsoft
