Microsoft has a solution to the well-known problem of remembering too many passwords: eliminate them.
The company announced on Wednesday that in the coming weeks, it would offer a “passwordless account” option to all users of several popular services, including Microsoft Outlook and Microsoft OneDrive. In March, Microsoft made this option available to corporate accounts.
“You can now completely remove the password from your Microsoft account,” wrote Vasu Jakkal, the company’s corporate vice president of security, compliance, and identity, in a blog post published Wednesday.
Instead of passwords, Microsoft (MSFT) will allow users to sign in to these services using either the Authenticator app, which generates a unique numbered login code every few seconds, or Windows Hello, which allows users to sign in using facial recognition, a fingerprint, or a special pin. Microsoft users can also purchase an external security key, such as a USB drive containing login information, or register a phone number to which Microsoft will send a verification code.
Microsoft’s decision comes in the wake of an increase in cyberattacks over the last year. Because of the coronavirus pandemic, which has caused most corporate employees to work from home, hackers have many more avenues to infiltrate a company’s systems — and compromising passwords is one of their most common strategies. (Microsoft has had its fair share of security issues in recent months, with its services being linked to a number of high-profile hacks and breaches.)
Passwords are frequently sold on the dark web, where they are purchased and used to hack even more services. Password managers that aim to make login data more secure have also been targeted by hackers, with the popular service LastPass being hacked in 2015.
According to Microsoft, 579 password attacks occur every second, totaling 18 billion attacks per year. And, according to cybersecurity experts, the weakest link is human behavior — our proclivity to re-use the same password across accounts to make it easier to remember or create patterns for different passwords that hackers can easily guess.
“The majority of attacks across enterprise and consumer accounts begin with weak passwords,” Jakkal explained.
Microsoft appears to be setting an excellent example in its efforts to usher in a password-free future. Almost all of the company’s employees, according to Jakkal, now log into their corporate accounts without passwords.
Other companies, such as Google (GOOGL) and Apple (AAPL), provide password alternatives, such as sending a notification to another device to verify your identity. Still, these solutions haven’t completely replaced the need to type a password just yet.