Microsoft sets all new accounts passwordless by default

This post was originally published on Security Affairs. It can be found here.

Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security.

Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering, phishing, brute-force, and credential stuffing attacks.

“As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be ‘passwordless by default,’” states the company’s announcement. “New users will have several passwordless options for signing into their account and they’ll never need to enroll a password. Existing users can visit their account settings to delete their password.”

Microsoft has revamped its login system to favor passwordless options, automatically choosing the most secure method available, such as one-time codes or passkeys, and prompting users to set up passkeys for stronger protection.

Microsoft is pushing towards a passwordless future with passkeys, now registering nearly 1M passkeys daily. The IT giant states that passkey users log in 3x more successfully and 8x faster than those using passwords. New accounts are passwordless by default, and sign-in flows prioritize secure, easy methods like one-time codes and passkeys. These changes also aim to boost user experience while phasing out passwords.

“Instead of showing you all the possible ways for you to sign in, we automatically detect the best available method on your account and set that as the default. For example, if you have a password and ‘one time code’ set up on your account, we’ll prompt you to sign in with your one time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey,” continues the announcement. “This simplified experience gets you signed in faster and in our experiments has reduced password use by over 20%. As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether.”

Microsoft states that the password era is nearing an end. With over 15 billion user accounts now able to use passkeys, according to the FIDO Alliance, the move toward a passwordless future is accelerating. To mark World Passkey Day, individuals are encouraged to take the first step by securing at least one account with a passkey. This shift not only protects against unauthorized access but also makes signing in quicker, easier, and far more secure.


Pierluigi Paganini
