Originally published at ssojet

Microsoft is transitioning to a passwordless authentication model, aiming to enhance security by encouraging users to adopt more secure methods. The company will now default new accounts to passwordless options such as passkeys, push notifications, and security keys. Existing accounts retain their passwords, but new users will not be prompted to create one.

"As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be “passwordless by default.” New users will have several passwordless options for signing into their account and they’ll never need to enroll a password."

This shift is part of a broader strategy to eliminate passwords entirely, reflecting a commitment to modern security practices. Microsoft is also renaming “World Password Day” to “World Passkey Day” in alignment with this initiative. The company reports that it is seeing “nearly a million passkeys registered every day,” with a 98 percent success rate for passkey users compared to just 32 percent for those relying on traditional passwords.

Explore more about the passwordless approach at The Verge and CSO Online.

Microsoft Takes First Step Toward Passwordless Future

Microsoft is advancing its plan to eliminate password-based user authentication by integrating passkeys and biometric identity verification methods. In its consumer applications, users will be able to create accounts without a password. Instead, they will receive a one-time security code via email for verification and then create a passkey for future logins.

The company emphasizes the need for a streamlined and intuitive login experience across its applications, including Outlook, Xbox, and Microsoft 365. This transition aims to reduce user confusion and enhance security across platforms.

Learn more about the future of authentication at CSO Online and Microsoft's Entra Blog.

Going Passwordless with Microsoft Accounts

To enhance security, Microsoft allows users to remove passwords from their accounts, opting for methods such as the Microsoft Authenticator app, Windows Hello, or physical security keys. The transition to a passwordless account is designed to be simple and secure, with alternative sign-in methods providing enhanced protection against breaches.

Users can easily enable passwordless sign-in by downloading the Microsoft Authenticator app, setting up their account, and following prompts to complete the process. The company will also introduce sign-in approval notifications in the Outlook for Android app by January 2024.

Further details on going passwordless can be found on Microsoft Support and Microsoft's Authenticator app page.

Automatic Conditional Access Policies in Microsoft Entra

Microsoft is rolling out Microsoft-managed Conditional Access policies within Microsoft Entra to enhance identity protection. These policies will automatically safeguard users based on risk signals and usage patterns. The goal is to provide users with a secure environment while maintaining productivity.

With a focus on multifactor authentication, the first three policies will require MFA for admin portals, per-user MFA users, and high-risk sign-ins. This proactive approach aims to simplify the security process and enable organizations to better protect themselves against cyber threats.

Learn more about these policies and their impact at Microsoft Security Blog and Microsoft Entra.

For organizations looking to implement secure Single Sign-On (SSO) and user management, consider SSOJet's API-first platform. With features like directory sync, SAML, OIDC, and magic link authentication, SSOJet provides robust solutions tailored for enterprise clients. Explore SSOJet's offerings at https://ssojet.com and see how you can enhance your authentication processes today.