Passwordless is, for many people, just another geeks idea, which makes an ordinary user’s life just more complicated. But how many times have you seen passwords like 123456 or qwerty? How many times in the last year have we heard about another company hit by malware or stolen money from someone’s account? I am not saying that the passwordless idea solves the problem, but it can significantly increase your security stance.

Go passwordless
Go passwordless

Passwordless authentication methods are more convenient because there’s no password to remember, and they’re compatible across most devices and systems. Plus, they’re virtually impervious to phishing. And when there’s no password to remember, users will not use simple one or yellow post-it cards with their supper complicated phrases. Why am I writing about this today? Well, Microsoft has inspired me as they finally passwordless is available for home users. Microsoft 365 Family is my core product, which I use every day, so I was more than happy that I could get rid of the passwords from it.

If I didn’t convince you, please check the chart below and see the best way to improve your security.

Why passwordless?

What is passwordless authentication microsoft

Microsoft now lets you remove passwords from your Microsoft accounts to adopt life without passwords. What does it mean? Instead of typing, we can sign into Microsoft accounts with its Microsoft Authenticator app, Windows Hello, a security key, or an SMS / email verification code instead of a password. I am a big fan of the security keys like YubiKey. They have one huge advantage, even if you somehow get convinced to go to a fake website and press the key, the generated code will not work for a hacker as it will be different from the original site. You should try it!

Before you start

Before you go further, you need to download and install the Microsoft Authenticator app. By the way, if you use Google Authenticator, I recommend switching to Microsoft. Why? Because I can backup the services and accounts I use, which is extremely useful when you change your mobile device. I was using Google solution after the first iPhone replacement. I don’t want to spend a few hours when I get a new device to recreate all accounts in the app. Anyway:

  1. Go to here on your mobile device, or go to the App Store or Play Store to download and install the Microsoft Authenticator app.
  2. Open the Authenticator app and set up your account in the app by following the prompts.
  3. Sign in to your Microsoft Account Additional security options.
  4. Under Password-free account, select Turn on.
  5. Follow the prompts to verify your account.
  6. Approve the request sent to your Microsoft Authenticator app.

Now you are ready to go 🙂

Configure passwordless authentication for Microsoft Account

The first step is to go to your account settings under this URL and select Advanced security options.

Advanced security

Under Aditional security, you will find the option to turn on “Passwordless account.” Press on the “Turn on” option.

Passwordless accpimt

A window like this one below will appear.

Depends on your settings, you can be required to add more authentication methods,

The system will send you a code to check your email.

And finally, if all steps have been completed, you get a message like this one.

What does it mean for you?

Many people think the hacking and the security problems do not touch them until they get hacked. But then it’s too late. They lost money, passwords, identity. The passwordless idea is just a small brick, but it could be a good starting point to secure your assets. Microsoft account is just one of many services where we keep our data. You should check others and do the same or similar steps. For example, did you know that you can protect your Facebook or Twitter account with a security key like YubiKey? So what can we do else to defend ourselves?

  • Start using password manager!!! I bealive that the most important step
  • Stop using SMS as second factor (sim swap attack!!!)
  • Stop the same password every where. Do you think the passwor MySicretPasswordForGoogle2021 is secoure?
  • Start using security keys

That’s the basics, but they can be a good starting point.