From social media platforms to ecommerce websites and online bank accounts, the average person needs to juggle around 100 passwords. Of course, this is way too many for one person to remember. And since the adoption of password managers is still low, most people use similar (or even identical) easy-to-guess passwords to remember all their credentials. So, companies are desperately trying to find more secure and convenient ways to protect their users’ accounts. A good example of this is Microsoft Passwordless. But should you really ditch the most common authentication method and go passwordless?
The Risks of Using Passwords
Although websites have increased their security by requiring users to come up with more complicated keys when creating online accounts, the most common password in the past few years has been ‘123456’. This combination takes less than one second to crack, allowing hackers to quickly access your personal information to commit fraud, steal your money, hack into your company’s servers, and attempt other profitable cyberattacks.
But even people who follow password hygiene best practices can be hacked. If there’s a breach on a website that you use, it’s very likely that your credentials will end up on some expensive list on the dark web. Unfortunately, this is something you can’t control. The only thing you can do is to regularly look for stolen credentials by checking a website like Have I Been Pwned and changing your password right away if you find a breach.
You can always add an extra layer of security by enabling multifactor authentication, such as a text message, biometrics, or pin. However, these options involve extra effort, and most people don’t have the patience to go through several steps each time they want to log in. But what if there was a safer way that didn’t require you to remember any passwords to begin with? This is where passwordless accounts come in.
What Is a Passwordless Account?
As the name implies, a passwordless account doesn’t require the input of a password to log in. That doesn’t mean that anyone with your username can enter your account – it will still be protected.
The authentication methods you can opt for depend on the website. While some companies email or text you a one-time code, others take advantage of biometrics – such as fingerprints or face recognition – or use an authentication app. There are also physical tokens, which are special USB keys that you need to plug into your device to log in to your account.
Each solution comes with its own benefits and drawbacks. For example, sending a one-time password to your smartphone or email is great, unless the cybercriminal has already hacked any of these communication channels.
Many companies have been upgrading their services in order to offer a way to log in without a password and Microsoft is one of the latest tech giants to do so. Most people already know that they can log in to their PCs without a password as Microsoft allows you to set up a pin code, picture password, biometrics, and more.
Microsoft Passwordless uses the same technology but allows you to apply it to your online account. In other words, you can now use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to log in to Microsoft services, such as Outlook, OneDrive, and Office 365.
Before enabling Microsoft Passwordless, it’s important to install the Microsoft Authenticator app on your phone and link it to your account. Only then should you log in to your Microsoft profile, go to Advanced Security Options, and select ‘turn on’ below the Passwordless account option. After this, you just need to follow the instructions and approve the notification on the Microsoft Authenticator to go passwordless.
Is This the End for Password Managers?
The short answer is no. Although tech giants are dipping their toes in the passwordless waters, the truth is that most websites still don’t offer this option. And even when they do, this alternative isn’t bulletproof. For example, a great part of current facial recognition technology is easily tricked by using a photo. Plus, if a hacker is able to breach the website’s defenses, they’ll get access to more sensitive information than just your password – you really don’t want a criminal to have access to your fingerprint.
In a nutshell, while using other authentication methods is more convenient, it’s still safer to use multifactor authentication. In plain English, that means combining a strong password with an extra layer of security continues to be the safest choice. So, we highly recommend sticking to a reliable password manager like 1Password. In addition to making it extremely easy to create and use strong passwords, 1Password scans the dark web nonstop to warn you about breached accounts. Plus, it can be used as an authenticator for websites with multifactor authentication and so combines security with convenience.
Best Password Managers of 2022
|Editor's Choice 2022|
Get the Best Deals on Password Managers
Subscribe to our monthly newsletter to get the best deals, free trials and discounts on password managers.