Microsoft has announced that all new Microsoft accounts will now be “passwordless by default” in a move to enhance account security. This shift aims to protect users from common password-related attacks such as phishing, brute force, and credential stuffing.
The update follows Microsoft’s rollout of a redesigned sign-in and sign-up experience in March, focused on passwordless and passkey-first authentication across its web and mobile platforms. The company says this new approach simplifies the user experience while improving protection against evolving cyber threats.
Joy Chik, President for Identity & Network Access, and Vasu Jakkal, Corporate Vice President for Microsoft Security, explained the change in a joint statement: “Brand new Microsoft accounts will now be ‘passwordless by default.’ New users will have several passwordless options and will never need to enroll a password.”
Existing Microsoft account holders can also opt into the new system by removing their passwords through their account settings. The system will automatically assign the most secure passwordless method available as the default for each account.
Why it matters
Passwords are a major vulnerability in digital security, often targeted by cybercriminals through phishing or reuse across platforms. By making accounts passwordless, Microsoft reduces the attack surface and minimizes risk. The company’s internal tests show a 20% drop in password usage, signaling user adoption and effectiveness.
The company is also advocating for the adoption of passkeys—digital credentials backed by biometric authentication methods such as fingerprints or facial recognition. Users who sign in with traditional methods will be prompted to enroll a passkey, which becomes their primary authentication method going forward.
Microsoft is a board member of the FIDO Alliance, an industry group advancing the global adoption of passwordless standards. The tech giant previously rolled out passkey support for personal Microsoft accounts and integrated a passkey manager in Windows Hello through the Windows 11 22H2 update.
In a related development, Microsoft has also begun testing WebAuthn API updates to allow authentication using third-party passkey providers in Windows 11.
This broader move toward passwordless access is part of a long-term strategy to phase out passwords entirely, as user adoption of secure alternatives continues to rise.
About Author
