Microsoft has announced that all new accounts will be “passwordless by default” to improve security. This move aims to protect against password-related attacks such as phishing, brute force, and credential stuffing. The update follows the company’s rollout of a new sign-in and sign-up experience in March, optimized for passwordless authentication. Users will no longer need to enroll a password, with several passwordless options available for new accounts.
The company intends to simplify the sign-in process for users while enhancing security through a more streamlined user experience. Microsoft’s strategy includes encouraging customers to switch to passkeys, which offer stronger security using biometric authentication, such as fingerprints or facial recognition. For new users, the default sign-in method will be a passkey, and once enrolled, users will log in using this secure method for future sessions. Microsoft aims to reduce reliance on passwords by promoting passkey adoption.
In Microsoft's tests of the initiative, password use fell by more than 20%, making sign-ins faster and more secure. The company expects this trend to continue as more users adopt passkeys. Microsoft's long-term goal is to eliminate passwords entirely, offering a completely passwordless experience. This aligns with the company's broader vision to shift towards stronger, password-free authentication methods across its platform.
Microsoft is a member of the FIDO Alliance, a key player in the push for universal passkey adoption. The company began supporting passkeys for personal accounts a year ago and added a passkey manager in the Windows 11 22H2 update. Recently, Microsoft has also tested updates to the WebAuthn API to enable third-party passkey support for Windows 11, moving closer to its goal of a fully passwordless ecosystem.