Microsoft goes passwordless by default for all new accounts

02 May 2025


In a bold move to enhance digital security and user convenience, Microsoft has announced that all new accounts will now be passwordless by default, accelerating the company’s transition to modern, more secure authentication methods. The announcement marks a significant step in Microsoft's broader strategy to eliminate traditional passwords, which are increasingly seen as both inconvenient and vulnerable to cyberattacks.

Building on its May 2023 entry into the passkey ecosystem, Microsoft now aims to make passkeys the default method of logging in for new users across Windows PCs and all Microsoft services. The initiative is designed to eliminate the need for users to remember — or risk compromising — complex passwords.

How Passkeys Work

At the core of this shift are passkeys — digital credentials that turn a user’s personal device into a secure login method. These passkeys are cryptographically generated and stored locally on a user’s trusted device, such as a smartphone or computer. Logging in becomes as simple as verifying identity through a face scan, fingerprint, or device PIN, eliminating the need for entering passwords or dealing with phishing risks.

According to Microsoft’s latest security update, “New users will have several passwordless options for signing into their account and they’ll never need to enroll a password.” Existing users are also encouraged to transition, with the option to remove saved passwords from their account dashboard and fully embrace passkeys.

A New Login Experience

The revamped login process offers both enhanced security and a smoother user experience. For example, users who previously enabled two-factor authentication (2FA) will no longer need to enter a password at all. Instead, they’ll receive a code via SMS or email — or simply use a passkey, skipping 2FA entirely in subsequent logins.

Microsoft joins tech giants Google and Apple in what has become a cross-industry shift toward passwordless authentication, rooted in standards set by the FIDO Alliance. Passkeys follow strict FIDO protocols and leverage end-to-end encryption to protect user data. The private key used to unlock accounts never leaves the user’s device, and can only be activated through biometric or PIN-based verification.
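The login exchange described above, reduced to its signature check. This is an added example, not Microsoft's or the FIDO Alliance's code: a simplified WebAuthn-style assertion in Node.js showing that the service only ever holds the public key, and that a response signed for another origin or for an old challenge is rejected. The function names (createPasskey, signAssertion, verifyAssertion) and the login.example domain are assumptions made for illustration.

```javascript
const crypto = require("crypto");
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// Registration: the key pair is generated on the device. Only publicKey is
// sent to the service; privateKey stays in this object (the "device").
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { rpId, publicKey, privateKey };
}

// Device side, after the local face/fingerprint/PIN check has succeeded.
// Real browsers fill in `origin` themselves; the page cannot choose it.
function signAssertion(passkey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // rpIdHash (32 bytes) | flags (0x05 = user present + user verified) | counter (4 bytes)
  const authenticatorData = Buffer.concat([
    sha256(Buffer.from(passkey.rpId)), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData,
           signature: crypto.sign("sha256", signed, passkey.privateKey) };
}

// Service side: holds only the public key and the challenge it just issued.
function verifyAssertion(publicKey, expected, a) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad-type";
  if (client.challenge !== expected.challenge.toString("base64url")) return "bad-challenge";
  if (client.origin !== expected.origin) return "bad-origin";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(Buffer.from(expected.rpId)))) return "bad-rp-id";
  if ((a.authenticatorData[32] & 0x04) === 0) return "user-not-verified";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad-signature";
}

function demo() {
  const rp = { rpId: "login.example", origin: "https://login.example" }; // constructed
  const passkey = createPasskey(rp.rpId);
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(passkey, challenge, rp.origin);
  const lookalike = signAssertion(passkey, challenge, "https://login.example.invalid");
  const check = (exp, a) => verifyAssertion(passkey.publicKey, { ...rp, ...exp }, a);
  return {
    genuine: check({ challenge }, genuine),                         // "ok"
    lookalike: check({ challenge }, lookalike),                     // "bad-origin"
    replayed: check({ challenge: crypto.randomBytes(32) }, genuine) // "bad-challenge"
  };
}
console.log(demo());
```

Unlike a password, nothing the service stores or the user types can be reused elsewhere: the signature covers the origin and a one-time challenge, so a captured response is only valid for that site and that login attempt.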

Broad Compatibility and Setup

Setting up passkeys on Microsoft accounts is straightforward, especially with the Microsoft Authenticator app, available on both Android and iOS. Once a passkey is registered, users can enable it via their phone’s settings: on Android, through the “Passwords & accounts” section; on iOS, through the “Autofill & Passwords” menu.

The system is fully supported across Windows 10 and 11, macOS Ventura and later, iOS 16, Android 9, as well as ChromeOS 109 and modern versions of Chrome, Microsoft Edge, and Safari. This wide compatibility ensures that users across platforms can adopt passwordless authentication without sacrificing convenience.

For those who prefer alternatives to Microsoft’s Authenticator app, third-party options like 1Password are also supported. Regardless of the platform or app used, passkey data remains securely encrypted and protected by the device’s TPM (Trusted Platform Module) — a hardware component designed to safeguard sensitive information.

The Passwordless Future

Microsoft’s decision to make passkeys the default for new accounts is not just a convenience feature; it’s a strategic push against the rising tide of cyber threats. With password attacks reportedly occurring at rates exceeding 7,000 per second globally, the traditional password model is increasingly untenable.

As more major players join the passkey movement, Microsoft’s initiative signals a broader industry trend toward simpler, safer authentication. For users, it means a future with fewer passwords — and far fewer headaches.
