Article Details

Original Article Text

Microsoft makes all new accounts passwordless by default

Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing.

The announcement comes after the company started rolling out updated sign-in and sign-up user experience (UX) flows for web and mobile apps in March, optimized for passwordless and passkey-first authentication.

"As part of this simplified UX, we're changing the default behavior for new accounts. Brand new Microsoft accounts will now be 'passwordless by default'," said Joy Chik, Microsoft's President for Identity & Network Access, and Vasu Jakkal, Corporate Vice President for Microsoft Security.

"New users will have several passwordless options for signing into their account and they'll never need to enroll a password. Existing users can visit their account settings to delete their password."

Redmond says the best passwordless method will be enabled for each account and set as the default.

The company also wants more customers to switch to passkeys, a more secure alternative to passwords that uses biometric authentication, such as fingerprints and facial recognition.

Once they're signed in, users will be prompted to enroll a passkey, and the next time they log into their accounts, they'll be asked to sign in with their passkey.

"This simplified experience gets you signed in faster and in our experiments has reduced password use by over 20%," Chik and Jakkal added. "As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether."

Microsoft is a board member of the FIDO Alliance, an open industry association launched over a decade ago that promotes passkeys as a standard passwordless sign-in method used by 15 billion user accounts for authentication.
It also rolled out support for passkey authentication for personal Microsoft accounts a year ago after adding a built-in passkey manager for Windows Hello with the Windows 11 22H2 feature update. More recently, it started testing WebAuthn API updates to add support for using third-party passkey providers for Windows 11 passwordless authentication.

Daily Brief Summary

MISCELLANEOUS // Microsoft Introduces Default Passwordless Option for New Accounts

Microsoft has announced that all new Microsoft accounts will be set to "passwordless by default," enhancing security against common password attacks.

This change follows recent updates to user sign-in and registration flows on both web and mobile platforms, aimed at promoting passwordless and passkey-first authentication options.

According to Microsoft executives Joy Chik and Vasu Jakkal, new users will not need to set up a password but will use passwordless methods like biometrics for account access.

The company is encouraging the adoption of passkeys, which are viewed as a more secure alternative to traditional passwords, utilizing biometric identifiers such as fingerprints and facial recognition.

Once users set up their account, they will be prompted to enroll a passkey, which will become their primary authentication method on subsequent logins.

Microsoft claims the new passwordless system has already reduced password use by over 20% in trials and aims to continue decreasing reliance on passwords.

Microsoft is a board member of the FIDO Alliance, which promotes passkeys as a standard method for passwordless authentication across the industry.