Enlarge image
Note in the authenticator app: How to get rid of your password
Photo: Matthias Kremp / DER SPIEGEL
At Microsoft, passwords are no longer an issue if you want to.
In the future, you will be able to log into your private Microsoft account without a password.
All users are able to log in with the "Microsoft Authenticator app, Windows Hello, a USB-based security key or a verification code sent to the phone or by email," the company announced.
The new method can be used with applications and services such as Outlook, Onedrive and others.
The group had already made the new system available to corporate customers in March.
Private users are now to be activated for it as well.
The company writes that the introduction will take several weeks.
18 billion attack attempts per year
Microsoft's justification for the new system: »Nobody likes passwords.
If they are safe, we cannot remember them.
If our passwords are easy to remember, they are usually insecure and can be hacked. ”In addition, they would be misused by criminals in attacks on the accounts of companies and private individuals.
Bret Arsenault, Chief Information Security Officer at Microsoft, says: "Hackers: inside don't break in, they log on." According to this, there are around 18 billion attempted attacks using passwords every year.
Often so-called »brute force« methods are used.
With these, cyber criminals attempt to guess passwords with automatically running programs, either by simply working through lists of words or by having an algorithm try out random combinations of letters and characters as a password.
How to set up the login without a password
In order to be able to use the new method for passwordless login to Microsoft accounts, you first need Microsoft's Authenticator app, which you can download here for Android and here for iOS and link to your account.
Once that's done, you have to log in to Microsoft's account website in your web browser and
navigate
to
Additional security
options
under
Security
in the
Advanced
Security
Options and
click
on
Passwordless Account
.
You will then be asked to confirm the request in the authenticator app.
Once this is done, you get the message "Password removed" on the mobile phone and in the browser.
Should you ever feel the need to log in again with a cryptic sequence of numbers and digits, the process can be reversed and a password set up again.