Microsoft has a solution for the common problem of having too many passwords to remember: don’t use them at all.
In the coming weeks, Microsoft will introduce a “passwordless account” option for all users of several popular services, including Microsoft Outlook and Microsoft OneDrive, the company announced on Wednesday. In March, Microsoft made this option available to corporate accounts.
In a blog post published Wednesday, Vasu Jakkal, the company’s corporate vice president of security, compliance, and identity, said, “You can now completely remove the password from your Microsoft account.”
Instead of passwords, users will be able to log in to these services using either Microsoft’s Authenticator app, which generates a unique numbered login code every few seconds, or Windows Hello, which allows users to sign in using facial recognition, a fingerprint, or a unique PIN. Users can also purchase an external security key, such as a USB drive with login information stored on it, or register a phone number to receive a verification code from Microsoft.
Microsoft’s decision follows a surge in cyberattacks over the past year. Because the coronavirus pandemic has the majority of corporate employees working from home, hackers have more opportunities to infiltrate a company’s systems — and compromising passwords is one of their most common tactics. (Microsoft has had its fair share of security problems in recent months, with its services being linked to a number of high-profile hacks and breaches.)
Passwords are frequently sold on the dark web, where they are purchased and used to hack additional services. Password managers that aim to make login data more secure have also been targeted by hackers, with the popular service LastPass being hacked in 2015.
According to Microsoft, there are 579 password attacks every second, totaling 18 billion attacks per year. Human behavior, according to cybersecurity experts, is the weakest link — our proclivity to reuse the same password across accounts to make it easier to remember, or to create patterns for different passwords that are easy for hackers to guess.
“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts,” Jakkal said.
In its effort to pioneer a passwordless future, Microsoft appears to be leading by example. Almost all of the company’s own employees, according to Jakkal, now log into their corporate accounts without passwords.
Other companies, such as Google (GOOGL) and Apple (AAPL), also provide password alternatives, such as sending a notification to another device to verify your identity, but these solutions haven’t yet completely replaced the need to type in a password.