Microsoft Tells Users to Just Give Up on Passwords

And use passwordless authentication for their accounts

We’ve known for a while that Microsoft was insisting on a world without passwords, but given May 5 was the World Password Day, the company used this occasion to remind just how more secure it is to use other authentication methods.

In a lengthy post recently, Microsoft highlights multiple ways to protect your accounts and data, including Windows Hello, which comes bundled with some Windows devices.

Furthermore, Microsoft tells users to install Microsoft Authenticator and, if they must really use a password, to make sure it’s impossible to breach.

“Rather than keeping attackers out, weak passwords often provide a way in. Using and reusing simple passwords across different accounts might make our online life easier, but it also leaves the door open,” Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, explains.

“Attackers regularly scroll social media accounts looking for birthdates, vacation spots, pet names and other personal information they know people use to create easy-to-remember passwords. A recent study found that 68 percent of people use the same password for different accounts. For example, once a password and email combination has been compromised, it’s often sold on the dark web for use in additional attacks.”

Passwords should be at least 12 characters long, Jakkal explains, and use a combination of uppercase and lowercase letters, numbers and symbols.

It shouldn’t be a word found in a dictionary and must be completely different from other passwords. This is why using a password manager is totally recommended.

But at the end of the day, going passwordless is the right thing to do, Microsoft explains.

“As part of a historic collaboration, the FIDO Alliance, Microsoft, Apple, and Google have announced plans to expand support for a common passwordless sign-in standard. Commonly referred to as passkeys, these multi-device FIDO credentials offer users a platform-native way to safely and quickly sign in to any of their devices without a password. Virtually unable to be phished and available across all your devices, a passkey lets you sign in simply by authenticating with your face, fingerprint, or device PIN,” Jakkal states.