The safest password is sometimes none at all, and it works on Windows 10, 11, and Xbox.
Microsoft recently added a passwordless sign-in option to Microsoft accounts for consumer-level Windows users, including those running Windows 10 Home and, soon, Windows 11. Passwordless sign-ins were previously only available to enterprise-level Windows users, but now anyone can opt in through their Microsoft Account settings.
Related: How to Change Browser on Windows 11
Users can use their Microsoft account without a password if this option is enabled. Instead, you’ll use an alternative authentication method, such as the Microsoft Authenticator app, Windows Hello, or text/email verification codes, to log into your account—and a select few apps, services, and Windows features that require it. Products that are supported include:
- Your Windows 10 or 11 PC
- Your Xbox Series X/S or Xbox One
- Microsoft Office 365 apps
- Microsoft Outlook
- The Microsoft Store
- Microsoft account website
- And more.
So, why would you want to do something like this? Apart from the convenience, it appears to be safer. It may seem counterintuitive to remove your account’s password to improve security, but as Microsoft points out, passwords are an unreliable security method.
Password data is frequently stored incorrectly by businesses and apps, resulting in its exposure in data breaches or leaks. Even if passwords are securely saved server-side, there are a number of ways for a hacker to brute force passwords in order to gain access to someone’s account, including credential stuffing and password spraying. Even those of us who use unique passwords protected by encrypted password managers are vulnerable to these attacks.
Of course, no method of authentication is perfect. Biometrics (fingerprint scans, face unlocks, etc.) and text-based verification are both vulnerable, especially when used as your sole sign-in method. Nonetheless, these methods of verification are more secure than passwords, particularly if you use multi-factor logins.
Related: Reset Your Twitch Password Right Now
How to enable passwordless logins for your Microsoft Accounts
- Log into the Microsoft account page.
- Go to Settings > Security.
- Select “Additional Security options.”
- Type in your password when prompted.
- Go to the “Advanced security” page, then scroll down to “Additional security.” Click “Turn on” under the Passwordless account option. This will require the Microsoft Authenticator app for your smartphone.
- Follow the on-screen instructions on your PC and on your mobile device to complete the setup.
- We also recommend turning on “Two-step Verification” in the Additional Security menu after enabling Passwordless logins if you have not done so yet.
You can now access your Microsoft Account without having to enter a password. It’s worth noting that a password is still required for some older Microsoft products and Windows features, such as:
- IMAP and POP email services
- Office 2010 or earlier
- Office for Mac 2011 or earlier
- Remote Desktop
- Windows Credential Manager
- Windows 10 version 1809 or earlier, including all versions of Windows 8.1 and Windows 7
- Xbox 360 and original Xbox consoles.
Microsoft, on the other hand, appears to be committed to a password-free ecosystem, so future first-party products should support the feature.
Passwordless sign-ins will work in tandem with Windows 11’s higher hardware-level security standards, as well as other security features such as OneDrive ransomware prevention. Common cybersecurity vulnerabilities, such as weak user passwords or a lack of anti-malware or anti-ransomware protections, could be mitigated by these security enhancements.