Microsoft Removes Default Passwords for New Accounts: A Big Step Forward in Security

On the occasion of World Passkey Day (May 1) initiated by the FIDO Alliance, Microsoft announced a groundbreaking change: All new Microsoft accounts will be passwordless by default - a move to accelerate the global trend of passwordless authentication.

From Windows Hello to Passkey: The Journey to Kill Passwords

In fact, Microsoft has been quietly preparing for this turning point for a long time. In 2015, Windows Hello was launched with Windows 10, allowing users to log in using their fingerprint, face, or device PIN. By 2023, the company integrated passkeys (security keys) via the WebAuthn standard into the Edge browser and provided detailed instructions on how to use passkeys on Windows 11.

According to Microsoft, traditional passwords are the biggest 'hole' in security: vulnerable to phishing, bots, or leaks from the web. Statistics show that by 2024, there will be 7,000 password attacks every second – double the number in 2023. Passkey uses device-based or biometric encryption to help reduce the risk.

New account registration experience: Passwordless, simple and secure

With a newly created Microsoft account, users just need to perform the following steps:

1. Step 1 : Select a passwordless authentication method (passkey, Windows Hello, Microsoft Authenticator).
2. Step 2 : Set up biometrics or device PIN.
   Finish: Access the service immediately without entering a password.

Microsoft confirms: " New accounts will default to no password. Users have multiple authentication options and no password is required ."

For users who already have an account and are using a traditional password, a passkey will be used for authentication if set up. After logging in, the system will prompt to set up a passkey if not already set up. Testing has shown that this reduces password usage by 20%, while also making logins faster and less error-prone.

Microsoft's "courage" move to remove default passwords shows that the technology industry is shifting strongly to passwordless authentication methods. Will this be the push that helps passkey become the new standard, completely eliminating traditional passwords? The answer depends on the reaction of users and the business community.