Microsoft announced today that it intends to allow users to remove passwords from their accounts.
In a change that will take place in the coming weeks, Microsoft said that users will be able to remove the password from their account and choose an alternative authentication option, such as:
- Security keys
- Disposable codes sent by email or SMS
- Biometric data from Windows Hello
- or through the Microsoft Authenticator mobile app.
Today's news comes after Microsoft piloted this new setting (from March 2021), when it allowed Azure users not to use passwords for other more secure alternatives.
Prior to the tests (from March until today), the feature was requested many times by Microsoft business customers.
System administrators and security engineers have been asking for a way to protect their accounts from brute-force password-guessing attacks, which are now very common. Remember that billions of user credentials are currently circulating freely on the internet.
In a blog post announcing Microsoft's upcoming move, Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity and Management, said the company currently records 579 password attacks every second, for a total of 18 billions a year.
"One of our recent surveys found that 15% of people use their pet names as a inspiration for a password," said Jakkal.
"Other codes include family names and important dates such as birthdays. One in 10 people admitted to reusing passwords on websites and 40% said they use a formula for their passwords, such as Fall2021, which becomes Winter2021 or Spring2022.