Microsoft has announced that it is enabling users to log into their Microsoft accounts without usernames and passwords.
Instead of passwords – which the tech behemoth has previously described as “inconvenient, insecure, and expensive” – Windows 10 users can switch to physical security keys or biometrics-based Windows Hello for authentication.
“This combination of ease of use, security and broad industry support is going to be transformational,” reads Microsoft’s announcement. “Every month, more than 800 million people use a Microsoft account to create, connect, and share from anywhere to Outlook, Office, OneDrive, Bing, Skype and Xbox Live for work and play. And now they can all benefit from this simple user experience and greatly improved security.”
Beyond the security key, there are also the options to verify users with Windows Hello’s facial, iris or fingerprint recognition, as well as with the help of the Microsoft Authenticator app for Android and iOS.
Don’t rush to forget your Windows password just yet, however. There may be a few things to do – or even buy – before you can consign your password to history and use biometrics or a PIN to access services such as Outlook, Office, Skype, OneDrive, and Xbox Live.
The new authentication option will work only on the company’s Edge browser, which began to support the WebAuthn password-free login standard earlier this year. You also need the latest Windows 10 version (version 1809, also known as the October 2018 update).
Then, of course, there’s also the key itself, which needs to be compliant with the FIDO2 standard. The special USB dongle with an embedded fingerprint sensor will set you back anywhere from around $20 to $60. Two well-known companies that manufacture such keys are Yubico and Feitian Technology.
Meanwhile, a security key that relies on the FIDO U2F (“Universal 2nd Factor”) specification – such as Google’s Titan Security Key – doesn’t conform to FIDO2, so it wouldn’t work here.
To protect an account, FIDO2 uses a public/private key pair created by the security key. In addition to plugging the key into a computer or laptop’s USB port, you still need to scan your fingerprint or enter your PIN. Possessing the key is not enough to unlock an account, so even if your key is stolen, the thief shouldn’t get very far without your PIN or finger(print) in their hands. Obviating the need for passwords also greatly enhances protection from phishing scams and other attacks that rely on stealing users’ usual login credentials.
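The scheme described above, as an added example that is not part of the original article or any Microsoft code: a simplified Node.js model of a FIDO2 login in which the key signs a server challenge only after the PIN check, and only for the site it was registered with. The function names, the PIN and the `example.test` origins are constructed for illustration.

```javascript
// Simplified model of a FIDO2 login. Real WebAuthn adds CBOR/COSE encoding,
// authenticator data and signature counters, all omitted here.
const nodeCrypto = require('node:crypto');

// Security key: creates the key pair itself and never exports the private key.
function makeSecurityKey(pin) {
  const creds = new Map(); // rpId (site host name) -> private key, held on the device
  return {
    register(rpId) {
      const { publicKey, privateKey } =
        nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      creds.set(rpId, privateKey);
      return publicKey; // only the public key is sent to the server
    },
    sign(rpId, clientData, enteredPin) {
      if (enteredPin !== pin) return null; // user verification failed
      const key = creds.get(rpId);
      if (!key) return null;               // no credential for this site
      return nodeCrypto.sign('sha256', Buffer.from(clientData), key);
    },
  };
}

// Browser: fills in the origin itself, so a page cannot claim to be another site.
function browserGetAssertion(key, pageOrigin, challenge, enteredPin) {
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin: pageOrigin });
  const signature = key.sign(new URL(pageOrigin).hostname, clientData, enteredPin);
  return signature ? { clientData, signature } : null;
}

// Server: accepts only a valid signature over its own fresh challenge and origin.
function serverVerify(publicKey, expectedOrigin, challenge, assertion) {
  if (!assertion) return false;
  const data = JSON.parse(assertion.clientData);
  return data.type === 'webauthn.get' &&
    data.challenge === challenge &&
    data.origin === expectedOrigin &&
    nodeCrypto.verify('sha256', Buffer.from(assertion.clientData),
      publicKey, assertion.signature);
}

// A new random challenge per login attempt prevents replay of old signatures.
const newChallenge = () => nodeCrypto.randomBytes(32).toString('hex');
```

Nothing reusable ever reaches the server or the page: a look-alike site gets no signature because the key holds no credential for its host name, and a captured signature fails against the next challenge.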
Whichever authentication method for your Microsoft account you choose, you first need to log into your account – obviously still with your username and password and only on Edge. Once in, go to “Security”, then to “More security options”, on to “Windows Hello and security keys”, and follow the instructions. A detailed help article is also available.