Security Experts:

Microsoft Pushing for a Passwordless Windows 10

Microsoft wants to make its Windows platform passwordless and the latest Windows 10 release marks one step closer to that goal. 

Passwords have been long said to represent a security issue in today’s always-connected world, especially given that many devices include either default or easy-to-guess credentials, and the industry is pushing toward alternatives

Multi-factor authentication has been around for a while and many consider it a viable option, especially if combined with strong, unique passwords. What Microsoft is seeking alternative authentication methods that could help users enjoy a passwordless login experience on Windows 10. 

The latest release of Windows 10, version 1903, allows users to add a passwordless phone number Microsoft account to Windows and to sign-in with the Microsoft Authenticator app. Moreover, there’s the Windows Hello certified as a FIDO2 authenticator for sign-in on the web, and a streamlined Windows Hello PIN recovery above the lock screen.

The tech giant now allows users to create a Microsoft account with just their phone number in mobile Office apps (Word, OneNote, or Outlook) on iOS or Android devices. This feature, the company says, unlocks all the benefits of a Microsoft account, but doesn’t require a password.

Users can go to Settings and add a passwordless phone number Microsoft account to their device, which then allows them to sign in for the first time with the Microsoft Authenticator app, or an SMS code, without a password. 

“This is enabled with an added web sign-in capability on the Windows lock screen. After that, Windows Hello is set up for an end-to-end passwordless experience,” Microsoft explains

The web sign-in capability can be used with any Microsoft account, even email ones, by simply adding a Microsoft account to Windows, signing in with the Microsoft Authenticator app, and setting up Windows Hello face, fingerprint, or PIN for later sign-ins. 

Starting with version 1903 of Windows 10, Windows Hello is a FIDO2 certified authenticator, FIDO Alliance announced last month, which means that any Windows Hello or FIDO2 compliant Microsoft-compatible security keys can now be used for sign-in to the web on Windows 10. 

The feature is already available in Mozilla Firefox version 66 and above, but is also expected to soon be included in Chromium-based browsers such as Microsoft Edge on Chromium. The capability will be available when signing in to a Microsoft account and other websites supporting FIDO authentication.

Now, it’s even easier for users to recover their Windows Hello PIN when they forget it, courtesy of a revamped “I forgot my PIN” experience above the Windows lock screen. Users can now use the Microsoft Authenticator app instead of a password to reset their PIN, Microsoft explains.

Related: Microsoft Removes Password-Expiration Policy in Windows 10

Related: Password Practices Still Poor, Google Says

Related: Support for FIDO2 Passwordless Authentication Added to Android

Related: Why Not Always Multi-Factor Authentication?

view counter