Sonos Era 100 Review How to Download iOS 16.4 Save 55% on iPhone Cases How to Sign Up for Google's Bard Apple's AR/VR Headset VR for Therapy Clean These 9 Household Items Now Cultivate Your Happiness
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept
Tech Computing

Microsoft now lets you scrap your password for Outlook, Xbox and other online services

Biometrics, security keys and authenticator apps are letting tech companies try to bypass the flaws of password-based login.

Stephen Shankland headshot
Stephen Shankland
2 min read
Brett Pearce/CNET

Microsoft already convinced 200 million of us to enable passwordless authentication so we can get to Outlook.com, Xbox Live, OneDrive and Skype. Now it's letting those who want to do so dump the passwords altogether.

On Wednesday, the company opened up a new option to delete your password authentication. That means your sole means of logon will be using some combination of hardware security keys, biometrics like fingerprints and Windows Hello face recognition, emailed codes, and the Microsoft Authenticator app that runs on Android phones and iPhones.

To disable password authentication, go to account.microsoft.com and open Advanced Security Options. Next, go to Additional Security Options, then look for Passwordless Account. Flip the "Turn on" option. Microsoft says to install and set up the Microsoft Authenticator app first.

Although convenient, deep problems are leading tech giants past passwords for authentication. Biometrics like fingerprint and face identification have helped tremendously, as has the FIDO (Fast Identity Online) standard now built into browsers and operating systems. The transition is important for anyone who wants to stave off hackers and identity thieves.

Post-password authentication

One big password problem is that we reuse them, which means one data breach can expose many accounts. But strong, unique passwords are hard to create and remember. Password managers help with that problem, but the software can be complicated even for tech experts.

"If you decide you prefer using a password, you can always add it back to your account. But I hope you'll give passwordless a try -- I don't think you'll want to go back," Vasu Jakkal, leader of marketing for Microsoft's security and identity work, said in a blog post.

Now playing: Watch this: In a world of bad passwords, a security key could be...
4:11

Microsoft's post-password moves are good for the company, too. Dumping passwords means there's less data that hackers can steal in the first place.

About 200 million Microsoft customers, both individuals and corporate users, have moved to passwordless logon, Microsoft said. That's up from about 150 million people in 2020.