Now you can sign into your Microsoft Account with your face or a security key—no password needed

A lot of people don’t bother using password managers, and most people’s passwords are terrible. Poor passwords lead to poor security. Microsoft’s making it easier to batten down the hatches by letting you sign into its services using two new methods that don’t require a user name or password.

Starting Tuesday you can sign into your Microsoft Account using either Windows Hello biometric security or a physical security key, the company announced. (You could already use the Microsoft Authenticator app for passwordless sign-on, as well.) The page for a compatible Yubico key says the passwordless authentication works on Outlook, Office, Skype, OneDrive, Xbox Live, Bing, the Microsoft Store, and Windows itself. That’s pretty much everywhere you’d use a Microsoft Account online.

Killing passwords comes with some pretty strict compatibility requirements, though. You’ll need to be running the Windows 10 October 2018 Update, which only re-released to the public a few weeks ago, and Microsoft’s ho-hum Edge browser. You’ll also need to make sure your security key is compatible with the FIDO2 CTAP specification that serves as the secret sauce behind these newfound capabilities.

“How do Windows Hello and FIDO2 devices implement this? Based on the capabilities of your Windows 10 device, you will either have a built-in secure enclave, known as a hardware trusted platform module (TPM) or a software TPM,” Microsoft corporate vice president Alex Simons said in the post announcing the feature. “The TPM stores the private key, which requires either your face, fingerprint, or PIN to unlock it. Similarly, a FIDO2 device, like a security key, is a small external device with its own built-in secure enclave that stores the private key and requires the biometric or PIN to unlock it. Both options offer two-factor authentication in one step, requiring both a registered device and a biometric or PIN to successfully sign in.”
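A simplified model of the sign-in flow described in the quote above, added here as an illustration and not taken from Microsoft or the FIDO2 specification: the device holds a private key that only a local PIN unlocks, and the server checks a signature over a one-time challenge against the registered public key. The function names, the sample PIN and the hash-based PIN check are assumptions of this example, and the real CTAP/WebAuthn message formats are not reproduced.

```javascript
const crypto = require('node:crypto');

// Model of an authenticator (TPM or security key): the private key never
// leaves this closure, and signing requires a local PIN check first.
function createAuthenticator(pin) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const pinHash = crypto.createHash('sha256').update(pin).digest();
  return {
    publicKey, // the only thing handed to the server at registration
    sign(challenge, enteredPin) {
      const entered = crypto.createHash('sha256').update(enteredPin).digest();
      if (!crypto.timingSafeEqual(entered, pinHash)) return null; // key stays locked
      return crypto.sign('sha256', challenge, privateKey);
    },
  };
}

// Model of the server: stores a public key and issues one-time challenges.
function createServer(registeredPublicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = crypto.randomBytes(32);
      pending.add(c.toString('hex'));
      return c;
    },
    verify(challenge, signature) {
      if (!signature) return false;
      // A challenge is accepted once, so a captured signature cannot be replayed.
      if (!pending.delete(challenge.toString('hex'))) return false;
      return crypto.verify('sha256', challenge, registeredPublicKey, signature);
    },
  };
}

function demo() {
  const key = createAuthenticator('4821');   // constructed sample PIN
  const other = createAuthenticator('4821'); // a different device, same PIN
  const server = createServer(key.publicKey);
  const c1 = server.newChallenge();
  const sig = key.sign(c1, '4821');
  const c2 = server.newChallenge(), c3 = server.newChallenge();
  return {
    rightDeviceRightPin: server.verify(c1, sig),
    replayed: server.verify(c1, sig),
    wrongPin: server.verify(c2, key.sign(c2, '0000')),
    wrongDevice: server.verify(c3, other.sign(c3, '4821')),
  };
}
```

Only the first case succeeds: the PIN alone (on another device) and the device alone (with the wrong PIN) both fail, which is the "two factors in one step" property, and the server never holds a secret that could be reused elsewhere.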

You can get started with Microsoft’s passwordless authentication by setting up Windows Hello on your computer, or by registering your physical security key in the Security > More security > Windows Hello and security keys section of your Microsoft Account page while using the Edge browser.

Why this matters: Eliminating the need to use passwords eliminates the temptation to get lazy and reuse weak passwords—a huge boon in these breach-tastic days. And if you’re using a passwordless sign-in option for your Microsoft Account, you’ll be much more likely to identify phishing attempts, too. If you click a link and it asks for your login information, it’s probably not legit.
