Big tech really wants you to get rid of your password.
Back in 2019, I spoke with a Google product manager about the problem with passwords. He urged people to ditch passwords in favour of better authentication methods, noting that alternate systems are “probably your safest bet.” Fast forward to now, and it seems Microsoft is also on board with dropping passwords.
In an announcement post, Microsoft said it's adding a new option to remove the password from your Microsoft account. People who do so can use other methods to sign in, such as Microsoft’s Authenticator app, Windows Hello, a security key or a verification code sent to your phone or email.
However, it’s worth noting that you could effectively avoid using your Microsoft Account password before now — you just couldn’t remove it entirely. I haven’t ditched my password, but I also haven’t typed it in years. Instead, whenever I need to sign in to my Microsoft Account, I use the Authenticator app. I grab my phone, authenticate myself, and I’m logged in and ready to go. It’s fast, simple and convenient.
Of course, not everyone is on board with ditching passwords just yet. Some things still require a password, and some people feel more secure having one. Microsoft also detailed some of the reasons why passwords aren’t that secure — most of it echoes other things I’ve written about passwords, including that Google story mentioned up top.
Passwords aren’t secure because people suck at making them
First, there’s the human nature side of it. Most people still create their own passwords, and to remember those passwords, most people also use the same (or very similar versions of the same) password across several sites and services. Moreover, people often pick passwords that are easy for them to remember. The problem, however, is that if a hacker guesses your password for one site, or breaches a site’s security and steals its passwords, there’s a good chance they will be able to use that password to log in to other websites.
Hackers have plenty of other ways to get passwords too. Phishing attacks, for example, seek to trick people into giving up their log-in information. One way to do this is to create a fake login page for an app like Netflix, then send people an email saying something like, “There’s an issue with your billing info, sign in to fix it.” If the email looks real enough, people will click through the link to the website, type in their password, and inadvertently give up their log-in.
If you’re interested in going passwordless with your Microsoft Account, you can do so by heading to ‘account.microsoft.com,’ signing in and clicking ‘Advanced Security Options.’ Under ‘Additional Security,’ look for ‘Passwordless Account’ and select the option to turn it on. If the option isn’t there, you may need to wait a bit as Microsoft continues the rollout over the next few weeks. You can always switch back if you don’t like it. You can learn more about passwordless Microsoft Accounts here.
If you still need a password, get a password manager to boost your security
Of course, if you’re concerned about your other online accounts and they don’t offer passwordless options like Microsoft, there are other steps you can take to improve security. For example, using a password manager to create long, unique, impossible-to-guess passwords for each website can go a long way to improving your online security. You can learn more about some password managers at the links below:
- How to set up a password manager to keep yourself safe online
- How to use Apple’s password manager, iCloud Keychain
- How to use Google’s built-in Password Manager
- Bitwarden offers excellent password management tools with great value [App of the Month]
Other options that can help include two-factor authentication (2FA). It’s not a perfect system, but adding another layer of security can help keep your accounts secure even if someone gets your password.