Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing.
The announcement comes after the company started rolling out
updated sign-in and sign-up user experience (UX) flows for web and mobile apps in March, optimized for passwordless and passkey-first authentication.
"As part of this simplified UX, we're changing the default behavior for new accounts. Brand new Microsoft accounts will now be 'passwordless by default',"
said Joy Chik, Microsoft's President for Identity & Network Access, and Vasu Jakkal, Corporate Vice President for Microsoft Security.
"New users will have several passwordless options for signing into their account and they'll never need to enroll a password. Existing users can visit their account settings to delete their password."
Redmond says the best passwordless method will be enabled for each account and set as the default. The company also wants more customers to switch to passkeys, a more secure alternative to passwords that uses biometric authentication, such as fingerprints and facial recognition.
Once they're signed in, users will be prompted to enroll a passkey, and the next time they log into their accounts, they'll be asked to sign in with their passkey.
