Despite being the default way that you get into most of your digital accounts, passwords aren't really that secure—certainly not compared to a fingerprint or a device that can act as a physical key. If someone gets hold of or guesses your password, they can pretend to be you from wherever they are in the world, especially if you don't have two-factor authentication in place. Which is why Microsoft's recent move to go passwordless is such a welcome step toward better protection.
It's a transition you should welcome. The easier passwords are to remember, the easier they are for someone else (or automated hacking tools) to guess. Making them harder to guess or crack makes them impossible to remember, adding extra inconvenience and frustration whenever there's a new device to get up and running. And while a good password manager can solve a lot of those problems for you, getting rid of passwords altogether gets you even further.
With that in mind, Microsoft is pushing a password-free future and giving users the opportunity to log into their Microsoft accounts—which you probably use to access your Windows PC, Xbox, Outlook email, OneDrive storage, and more—via other methods.
It's a major shift, although the traditional password method remains an option for Microsoft accounts for the time being. If you're interested in making your account more secure and your digital life less stressful, it's something to consider—and it's not particularly difficult to make the switch.
Switching to a Passwordless Login
You can replace your Microsoft account password with a code from the Microsoft Authenticator app, the Windows Hello biometric login system (usually facial or fingerprint recognition), a physical security key that you keep with you, or a verification code sent via email or text.
While those options are not 100 percent foolproof, they at least require you to have something physical with you (a phone or a key) or access to another account. That's an improvement over a name and password that anyone can use from anywhere, and which can be leaked on the web.
Whichever method you want to use to make the switch away from passwords, you need to download and install the Microsoft Authenticator app for Android or iOS first. (Microsoft unfortunately didn't make its system compatible with other authenticator apps.) Log in using your existing Microsoft account email address and password, and the app can then verify your identity.
With the app setup done, head to the security settings page for your Microsoft account in a web browser. If Microsoft has pushed out the feature to your account, you'll see a Passwordless account option underneath Additional security—turn this on, then click Next on the confirmation dialog, then approve the request that will appear on your phone via the Microsoft Authenticator app.
That's it—you've gone passwordless. In the future, when you would have entered your password alongside your email address, you'll get a prompt in the Microsoft Authenticator app. Other login options, like Windows Hello biometrics, can be set up depending on the different devices you're using.
The obvious next question is what happens if you lose access to the Microsoft Authenticator app or your entire phone. In this scenario, Microsoft will let you reset passwordless access using another verification option, like a backup email address; you can set these up via that same security settings page, so make sure you've got several safety nets in place.
From the same screen it is possible to turn off the passwordless account feature again, enter a new password, and go back to the old way of working, but it's likely that you'll want to stick with the new method for its simplicity and its enhanced security.
Your new passwordless approach should work everywhere your Microsoft account is available—on an Xbox Series X, Xbox Series S, or Xbox One console for example, without any further configuration. For older software and devices that still require a password (Office 2010 and earlier, Xbox 360 consoles) you can create specific passwords using the Create an app password link on the Microsoft passwordless support page.