Going Passwordless with Microsoft - Part 1

Passwordless hit the mainstream news last month when Microsoft announced that you could now remove your password from your Microsoft Accounts. So instantly this was something I went and did straightaway, I have had a couple of FEITIAN FIDO 2 keys sat on my desk and thought what better use than to remove my password and go passwordless on my Microsoft Account.

Why Passwordless?

One of the most common thoughts is why Passwordless, the answer is that no one really likes passwords, let alone maintaining them. When I think back to the days when I didn’t have password management built into Browser, like the tools available today through Microsoft Edge and Google Chrome, I would A either use the same password (Shock horror, but admit we all do that) or B I would have created a new one and forgotten it so had to reset it each time.

For most people trying to remember all those passwords are a nightmare, so we now see the creation of Password Books, which hold all your passwords nice and securely written down in a little black book. (Internal screaming!!!). Add on the fact that they are the prime target for attacks.

Due to the fact that passwords are inconvenient, it makes sense that we explore a Passwordless world, with more complex attacks, such as automated password spraying and phishing to trick you into putting your credentials into a fake website.

What do you need?

To move to Passwordless is not complex, you don’t need a FIDO 2 key or a Windows Hello enabled webcam, you can instead use the Windows Authenticator app on your iOS or Android smartphone. Now you can use several options including, Windows Hello - Face, FingerPrint or a PIN (Windows PC only), a security key or get a code either via email or text.

Now it’s always recommended to have a backup option for Authentication, so where possible either set up an alternative method.

How do you enable it?

Concentrating on the consumer method, going passwordless is really straightforward. Follow these easy steps:

1. If you don’t have the MS Authenticator App, download and install it on your mobile device. Either through the App Store or Play Store. Alternatively go to https://aka.ms/authapp
2. Once its downloaded, Open the Authenticator app and set up your account in the app by following the prompts. Details here
3. Sign in to your Microsoft Account Additional security options
4. Under Password-free account, select Turn On
5. Follow the prompts to verify your account.
6. Approve the request sent to your Microsoft Authenticator app

It should take no longer than 10 minutes to get this set up and drastically increases the security on your account, as well as simplifying your sign-in experience. Now if you want you can always revert back.

But what if you want to add another authentication method? Well, it’s easy really, you need to navigate back to the Microsoft Account Additional security options. Where you will be presented with the option to add additional ways to prove who you are.

Click Add a new way to sign in or verify, then select the relevant option and follow the on-screen prompts. This will allow you to set up multiple authentication types.

What about Work or School accounts?

Well the option to remove passwords completely from Work and School accounts in Azure AD doesn’t exist at this point in time, it’s on the roadmap for Microsoft and more will be announced at the Your Passwordless Future Starts Now digital event on the 13th October. But that doesn’t mean your Passwordless journey can’t start already with your corporate accounts in Azure AD, you can still get started using the methods described above, just not remove the need for a password yet.

What next?

I plan to cover off Passwordless for Organisations in more detail in another blog.