Microsoft wants to make its Windows platform passwordless and the latest Windows 10 release marks one step closer to that goal.
Passwords have been long said to represent a security issue in today’s always-connected world, especially given that many devices include either default or easy-to-guess credentials, and the industry is pushing toward alternatives.
Multi-factor authentication has been around for a while and many consider it a viable option, especially if combined with strong, unique passwords. What Microsoft is seeking alternative authentication methods that could help users enjoy a passwordless login experience on Windows 10.
The latest release of Windows 10, version 1903, allows users to add a passwordless phone number Microsoft account to Windows and to sign-in with the Microsoft Authenticator app. Moreover, there’s the Windows Hello certified as a FIDO2 authenticator for sign-in on the web, and a streamlined Windows Hello PIN recovery above the lock screen.
The tech giant now allows users to create a Microsoft account with just their phone number in mobile Office apps (Word, OneNote, or Outlook) on iOS or Android devices. This feature, the company says, unlocks all the benefits of a Microsoft account, but doesn’t require a password.
Users can go to Settings and add a passwordless phone number Microsoft account to their device, which then allows them to sign in for the first time with the Microsoft Authenticator app, or an SMS code, without a password.
“This is enabled with an added web sign-in capability on the Windows lock screen. After that, Windows Hello is set up for an end-to-end passwordless experience,” Microsoft explains.
The web sign-in capability can be used with any Microsoft account, even email ones, by simply adding a Microsoft account to Windows, signing in with the Microsoft Authenticator app, and setting up Windows Hello face, fingerprint, or PIN for later sign-ins.
Starting with version 1903 of Windows 10, Windows Hello is a FIDO2 certified authenticator, FIDO Alliance announced last month, which means that any Windows Hello or FIDO2 compliant Microsoft-compatible security keys can now be used for sign-in to the web on Windows 10.
The feature is already available in Mozilla Firefox version 66 and above, but is also expected to soon be included in Chromium-based browsers such as Microsoft Edge on Chromium. The capability will be available when signing in to a Microsoft account and other websites supporting FIDO authentication.
Now, it’s even easier for users to recover their Windows Hello PIN when they forget it, courtesy of a revamped “I forgot my PIN” experience above the Windows lock screen. Users can now use the Microsoft Authenticator app instead of a password to reset their PIN, Microsoft explains.
Related: Microsoft Removes Password-Expiration Policy in Windows 10
Related: Password Practices Still Poor, Google Says
Related: Support for FIDO2 Passwordless Authentication Added to Android