Microsoft now lets you scrap your password for Outlook, Xbox and other online services

Biometrics, security keys and authenticator apps are letting tech companies try to bypass the flaws of password-based login.

Stephen Shankland Former Principal Writer

Microsoft already convinced 200 million of us to enable passwordless authentication so we can get to Outlook.com, Xbox Live, OneDrive and Skype. Now it's letting those who want to do so dump the passwords altogether.

On Wednesday, the company opened up a new option to delete your password authentication. That means your sole means of logon will be using some combination of hardware security keys, biometrics like fingerprints and Windows Hello face recognition, emailed codes, and the Microsoft Authenticator app that runs on Android phones and iPhones.

To disable password authentication, go to account.microsoft.com and open Advanced Security Options. Next, go to Additional Security Options, then look for Passwordless Account. Flip the "Turn on" option. Microsoft says to install and set up the Microsoft Authenticator app first.

Although passwords are convenient, deep problems with them are leading tech giants to move past passwords for authentication. Biometrics like fingerprint and face identification have helped tremendously, as has the FIDO (Fast Identity Online) standard now built into browsers and operating systems. The transition is important for anyone who wants to stave off hackers and identity thieves.

One big password problem is that we reuse them, which means one data breach can expose many accounts. But strong, unique passwords are hard to create and remember. Password managers help with that problem, but the software can be complicated even for tech experts.

"If you decide you prefer using a password, you can always add it back to your account. But I hope you'll give passwordless a try -- I don't think you'll want to go back," Vasu Jakkal, leader of marketing for Microsoft's security and identity work, said in a blog post.

Microsoft's post-password moves are good for the company, too. Dumping passwords means there's less data that hackers can steal in the first place.

About 200 million Microsoft customers, both individuals and corporate users, have moved to passwordless logon, Microsoft said. That's up from about 150 million people in 2020.