Microsoft has released a security update for millions of Windows 10 users, proposing that they remove their passwords. Do not just change your password, delete it!
"From now on you can delete your password from your Microsoft account," Microsoft's Joy Chik confirmed on September 15.
Once you delete the password from your Microsoft account, you can simply use the Microsoft Authenticator application instead. When you log in, a notification appears on your smartphone asking whether you are the one requesting access; you confirm the request and "log in". It really is both safe and simple. Of course, you can also use Windows Hello, a hardware security key or even a verification code sent via email or to your phone. The common denominator is the complete lack of a password in the process.
Does this really mean the end of passwords for Windows 10 users?
This is important, mainly because it is a departure from similar promises of a password-free process in which the password remains in place as a fallback and stays vulnerable to attack. What did Microsoft say about the above?
"If a user loses access to the Microsoft Authenticator application for any reason," a Microsoft spokesman said, "he can still recover his account if he has access to other authentication options, such as an email or phone number."
You may have a problem here if you are using the application on the same phone whose number is one of these other verification methods. Anyone gaining access to your phone could potentially obtain both your primary and secondary verification methods.
A Microsoft spokesman confirmed that deleting the password from a Microsoft account would provide a "safer, simpler and faster way to authenticate" and "completely remove your password from the Windows login for additional safety".
Will you delete the Windows 10 password?
Most people in the cybersecurity community with whom Forbes has talked about Microsoft's move to this password-free option agree that it is a positive step toward more secure authentication for the average user. No, it is not 100% safe, but nothing is. Why is it positive? Because most people do not have unique, long, complex, random passwords for each account and do not use a password manager. But if you do all of the above, then there is no rush to delete your passwords, to be completely honest.
This feature marks the next step the company is taking to help people become better aware of their cybersecurity, Moore says.
A detailed step-by-step guide to clearing your Microsoft account password
Step One: From the Microsoft account security settings, click "advanced security options" and then click "turn on" without a password.
Step Two: Click Next and approve the notification in Microsoft Authenticator.
Step Three: You will then be notified that your password removal was successful, including an email to that effect.
Source of information: forbes.com