Microsoft is taking a significant step towards a passwordless future by eliminating passwords for new accounts and encouraging existing users to transition to more secure authentication methods. This move is driven by the increasing vulnerability of traditional passwords to cyberattacks and the company's commitment to enhancing user security.
The Shift to Passwordless Authentication
In May 2025, Microsoft announced that all newly created accounts would be passwordless by default. Instead of relying on passwords, users are prompted to use passkeys, facial recognition, fingerprint authentication, or security keys. This initiative aims to reduce the risks associated with password-based authentication, such as phishing and brute-force attacks. According to Microsoft, over 99% of users who log into Windows with a Microsoft account already prefer alternatives like biometrics or PINs over traditional passwords. (indiatoday.in)
Understanding Passkeys
Passkeys are a form of authentication developed in collaboration with the Fast Identity Online (FIDO) Alliance. They utilize cryptographic keys stored securely on a user's device and are linked to biometric data or a device PIN. This method offers several advantages:
- Enhanced Security: Passkeys are resistant to common attacks like phishing and credential stuffing.
- User Convenience: They eliminate the need to remember complex passwords, streamlining the login process.
- Speed: Signing in with a passkey is three times faster than using a traditional password and eight times faster than a password combined with traditional multi-factor authentication (MFA). (forbes.com)
Microsoft has outlined a clear timeline for phasing out password support in its Authenticator app:
- June 2025: Users can no longer save new passwords in Authenticator.
- July 2025: The autofill feature for passwords is disabled.
- August 2025: Saved passwords will no longer be accessible in Authenticator. (bleepingcomputer.com)
Industry-Wide Movement Towards Passwordless Security
Microsoft's initiative is part of a broader industry trend towards eliminating passwords. Other tech giants, such as Facebook, have also introduced passkeys to enhance user security. Facebook's implementation allows users to log in using biometrics or device PINs, reducing reliance on traditional passwords. (biometricupdate.com)
User Considerations and Recommendations
While the shift to passwordless authentication offers numerous benefits, users should be aware of potential challenges:
- Device Dependency: Access to accounts is tied to specific devices. Losing or replacing a device may require additional steps to regain access.
- Biometric Data Security: Storing biometric data on devices raises concerns about data security and privacy.
Recommended steps for users:
- Set Up Passkeys: Follow Microsoft's guidelines to establish passkeys for your accounts.
- Export and Secure Passwords: Before the deprecation deadlines, export any saved passwords from Microsoft Authenticator and store them securely.
- Stay Informed: Keep abreast of updates from Microsoft and other service providers regarding authentication methods and security practices.
Source: Bristol Live https://www.bristolpost.co.uk/news/uk-world-news/microsoft-delete-passwords-75m-users-10316731/