Microsoft launches passwordless future, allowing everyone alternate methods for logging in

Forty percent of users use simple formulas for their passwords, despite the risk. Photo credit: Getty Images

Microsoft has announced passwords can become a thing of the past for users of its services with the option to turn them off rolling out worldwide from today.

The tech giant has long indicated a passwordless future, with enterprise users able to use alternative login means from March this year.

But that ability is now being offered to anyone with a Microsoft account for services such as Outlook and OneDrive.

As an alternative to passwords, users can sign in to apps and services with the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email.

"Nobody likes passwords. They're inconvenient. They're a prime target for attacks," wrote Vasu Jakkal, corporate vice president of security, compliance and identity at Microsoft. 

"Yet for years they've been the most important layer of security for everything in our digital lives - from email to bank accounts, shopping carts to video games." 

Part of the problem, Microsoft says, is the need to create complex and unique passwords, remember them and change them frequently.

A recent survey by the tech giant found 15 percent of people use their pets' names for password inspiration, while others used family names and important dates like birthdays.

Another 40 percent say they've used a formula for their passwords, like Winter2021, then eventually Spring2022.

The result is people reusing passwords, or building them from personal words and phrases, which makes accounts vulnerable.

"Unfortunately, while such passwords may be easier to remember, they are also easier for a hacker to guess," Jakkal wrote.

"A quick look at someone's social media can give any hacker a head start on logging into their personal accounts. Once that password and email combination has been compromised, it's often sold on the dark web for use in any number of attacks."

There are alternatives to Microsoft's authentication service, with many browsers having password managers built in.

There are also commercial products such as Bitwarden, LastPass, Norton Password Manager and more that make it easy to create and manage unique passwords for every website and app.

Microsoft's move came on the same day the Aotearoa Government's cybersecurity agency revealed New Zealanders lost $4 million to incidents in April to June this year.

This included unauthorised access of accounts jumping by 37 percent from the previous quarter.

CERT NZ also analysed cybersecurity information provided by local and international partners, and identified almost 4500 brute force incidents involving New Zealand internet-enabled devices like routers and Wi-Fi cameras.

Weak passwords - or failing to change default usernames and passwords - make those devices and accounts vulnerable.