Pierluigi Paganini
May 02, 2025
Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks.
“As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be “passwordless by default.”” states the company’s announcement.” “New users will have several passwordless options for signing into their account and they’ll never need to enroll a password. Existing users can visit their account settings to delete their password.””
Microsoft has revamped its login system to favor passwordless options, automatically choosing the most secure method available, such as one-time codes or passkey, and prompting users to set up passkeys for stronger protection.
Microsoft is pushing towards a passwordless future with passkeys, now registering nearly 1M daily. The IT giant states that passkey users log in 3x more successfully and 8x faster than those using passwords. New accounts are passwordless by default, and sign-in flows prioritize secure, easy methods like one-time codes and passkeys. These changes also aim to boost user experience while phasing out passwords.
“Instead of showing you all the possible ways for you to sign in, we automatically detect the best available method on your account and set that as the default. For example, if you have a password and “one time code” set up on your account, we’ll prompt you to sign in with your one time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey.” continues the announcement. “This simplified experience gets you signed in faster and in our experiments has reduced password use by over 20%. As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether.”
Microsoft states that the password era is nearing an end. With over 15 billion user accounts now able to use passkeys, according to the FIDO Alliance, the move toward a passwordless future is accelerating. To mark World Passkey Day, individuals are encouraged to take the first step by securing at least one account with a passkey. This shift not only protects against unauthorized access but also makes signing in quicker, easier, and far more secure.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, passwordless by default)
