Passwordless login? What’s that all about?

By | July 11, 2022

Hello

If you use a Microsoft account for anything – if you have a Windows PC or laptop, or use the online versions of Word or Outlook email – you might have had a message about “going passwordless”.

It sounds like a bit of a strange idea, when everyone’s always banging on about strong passwords being so important, so I thought I’d tell you a bit more about it and how it works.

The idea is that passwords are generally bad.  When you create a password, you tend to end up with either a weak one that you can remember, a strong one that you can’t remember, or a strongish one that you memorise and use for everything!  None of those options are good.

Of course, if you use a password manager like LastPass, you can have as many different strong passwords as you like and you only need to remember your one master password.  These things aren’t always the most user-friendly though – I find the LastPass app a bit fiddly, and I know what I’m doing with technology!

But Microsoft have gone for a different solution – one that I think works really well if you have a smartphone with “biometrics”.  That just means a fingerprint sensor or facial recognition, which pretty much any smartphone made in the last five years or so has.

The way it works is that you remove your password altogether – so there isn’t one for a hacker to guess – and you sign in directly using your fingerprint, face or a PIN in the Microsoft Authenticator app on your phone.  There are other options if you don’t have a smartphone, but I don’t really think they’re an improvement on a password.  So if you either can’t install Microsoft Authenticator on a smartphone, or don’t want to (which is fine), you can stick with your existing password set-up.

Anyway, here’s how it works (briefly):

  • On your phone, search your app store for Microsoft Authenticator and install it – it’s a free app.
  • Once it’s installed, you’ll need to set it up by signing in to your Microsoft account.  You can also store other passwords in there like a password manager, but you don’t have to – so feel free to say no to all that.
  • Then on your computer, you need to open your browser and go into the advanced security settings for your Microsoft account.
  • From there, you can turn “Passwordless account” on.  Then next time you need to sign in, you’ll get a message pop up on your phone from Microsoft Authenticator.  Just follow the instructions on your screen to sign in.

You can read more about the passwordless setup on Microsoft’s website, here – including what happens if you lose your phone or it gets broken.  I turned this on last week, and I’ve been really happy with it so far.

Right – that’s it from me for this week.

Yours
Julie Wakeling
