{"id":113292,"date":"2022-05-05T06:00:00","date_gmt":"2022-05-05T13:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=113292"},"modified":"2024-09-12T13:54:58","modified_gmt":"2024-09-12T20:54:58","slug":"this-world-password-day-consider-ditching-passwords-altogether","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/05\/05\/this-world-password-day-consider-ditching-passwords-altogether\/","title":{"rendered":"This World Password Day consider ditching passwords altogether"},"content":{"rendered":"\n

Did you know that May 5, 2022, is World Password Day?<sup>1</sup> Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to honor something almost no one wants to deal with—like having a holiday for filing your income taxes (actually, that might be a good idea). But in today’s world of online work, school, shopping, healthcare, and almost everything else, keeping our accounts secure is more important than ever. Passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers. In fact, there are 921 password attacks every second—nearly doubling in frequency over the past 12 months.<sup>2</sup>

But what if you didn’t have to deal with passwords at all? Last fall, we announced that anyone can completely remove the password from their Microsoft account. If you’re like me and happy to ditch passwords completely, read on to learn how Microsoft is making it possible to start enjoying a passwordless life today. Still, we know not everyone is ready to say goodbye to passwords, and it’s not possible for all your online accounts. We’ll also go over some easy ways to improve your password hygiene, as well as share some exciting news from our collaboration with the FIDO Alliance about a new way to sign in without a password.

Free yourself with passwordless sign-in

Yes, you can now enjoy secure access to your Microsoft account without a password. By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email, you can go passwordless with any of your Microsoft apps and services. Just follow these five steps:

  1. Download and install Microsoft Authenticator (linked to your personal Microsoft account).
  2. Sign in to your Microsoft account.
  3. Choose Security. Under Advanced security options, you’ll see Passwordless account in the section titled Additional security.
  4. Select Turn on.
  5. Approve the notification from Authenticator.

Once you approve the notification, you’ll no longer need a password to access your Microsoft accounts. If you decide you prefer using a password, you can always go back and turn off the passwordless feature. Here at Microsoft, nearly 100 percent of our employees use passwordless options to log into their corporate accounts.

Strengthen security with multifactor authentication

One simple step we can all take to protect our accounts today is adding multifactor authentication, which blocks 99.9 percent of account compromise attacks. The Microsoft Authenticator app is free and provides multiple options for authentication, including time-based one-time passcodes (TOTP), push notifications, and passwordless sign-in—all of which work for any site that supports multifactor authentication. Authenticator is available for Android and iOS and gives you the option to turn two-step verification on or off. For your Microsoft Account, multifactor authentication is usually only needed the first time you sign in or after changing your password. Once your device is recognized, you’ll just need your primary sign-in.

Make sure your password isn’t the weak link

Rather than keeping attackers out, weak passwords often provide a way in. Using and reusing simple passwords across different accounts might make our online life easier, but it also leaves the door open. Attackers regularly scroll social media accounts looking for birthdates, vacation spots, pet names and other personal information they know people use to create easy-to-remember passwords. A recent study found that 68 percent of people use the same password for different accounts.<sup>3</sup> For example, once a password and email combination has been compromised, it’s often sold on the dark web for use in additional attacks. As my friend Bret Arsenault, our Chief Information Security Officer (CISO) here at Microsoft, likes to say, “Hackers don’t break in, they log in.”

Some basics to remember—make sure your password is: