As a rather curious way to “celebrate” Password Day, Microsoft has shared a small but very useful trick that lets us say goodbye to passwords on our user account and, for example, sign in to Windows without having to type one. Does that ring a bell? Then keep reading because, contradictory as it sounds, removing passwords from our accounts could improve their security.
Last fall, Microsoft announced that anyone can completely remove their Microsoft account password. The company knows that not everyone is ready to remove passwords, and that it’s not possible for all online accounts, so we’ll also go over some simple ways to improve the security of your passwords.
How to remove passwords from our Microsoft account
It is now possible to authenticate to any Microsoft account without using a password. Instead, we use the Microsoft Authenticator app or Windows Hello, replacing the password with a two-step authentication in which a security key or verification code is sent to our phone or email, allowing us to use any of Microsoft’s applications and services without passwords. To activate this passwordless form of authentication, follow these steps:
- Download and install Microsoft Authenticator and link it to your personal Microsoft account.
- Sign in to your Microsoft account.
- Select Security. Under Advanced security options, look for the option “Account without password” in the section titled Additional security.
- Select Activate.
- Approve the notification sent to the Authenticator app.
Once the notification is approved, a password will no longer be required to access your Microsoft account. Those who prefer to continue using a password can always go back and disable the passwordless option. According to the company, practically 100% of its employees have abandoned passwords for accessing their corporate accounts since this authentication mechanism was introduced.
Strengthen the security of other accounts with two-factor authentication
A simple step we can all take to protect our accounts on other services is to add multi-factor authentication, which blocks 99.9% of account compromise attacks. The Microsoft Authenticator app is free and offers multiple authentication options, including time-based one-time passcodes (TOTP), push notifications, and passwordless sign-in, all of which work for any site that supports multi-factor authentication.
The authenticator is available for both Android and iOS and provides the option to turn 2-Step Verification on or off. For a Microsoft account, multi-factor authentication is usually only needed the first time you sign in or after you change your password. Once your device is recognized, you will only need your primary login.
Make sure your password is not the weak link
If you still can’t remove passwords for some services, you should be aware of the following: instead of keeping attackers out, weak passwords often provide a way in. Using and reusing simple passwords across different accounts can make our lives online easier, but it also leaves the door open. Attackers regularly check social media accounts for dates of birth, vacation locations, pet names and other personal information they know people use to create easy-to-remember passwords.
A recent study found that 68% of people use the same password for different accounts. For example, once a password and email combination has been compromised, it is often sold on the dark web for use in further attacks.
Some basic concepts when creating strong passwords
- At least 12 characters long.
- A combination of uppercase and lowercase letters, numbers, and symbols.
- Not a word that can be found in a dictionary, nor the name of a person, product or organization.
- Completely different from your previous passwords.
- Changed immediately if you suspect it may have been compromised.
- Only share personal information in real time, in person or over the phone. (Be careful with social networks.)
- Be skeptical of messages containing links, especially those that ask for personal information.
- Be on the lookout for messages with attachments, even from people or organizations you trust.
- Enable the lock feature on all your mobile devices (fingerprint, PIN or facial recognition).
- Make sure all the apps on your device are legitimate (only from the official app store of your device).
- Keep your browser up to date, browse in incognito mode, and enable Pop-up Blocker.
Tip: When answering security questions, provide an unrelated answer. For example, Q: “Where were you born?” A: “Green”. This helps ward off attackers who could use information gleaned from your social media accounts to hack your passwords. (Just make sure the unrelated answers are something you’ll remember.)
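The password criteria listed above (length, character mix, no dictionary word, different from previous passwords) can be checked mechanically. The following Python check is an added example, not code from Microsoft or from this article; the sample word list, the substitution table and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import string
from difflib import SequenceMatcher

# Constructed sample word list (assumption): a real check would load a full
# dictionary plus a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "microsoft", "dragon", "summer"}

# Common look-alike substitutions, undone before the dictionary comparison.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(pw):
    """Lowercase the password and undo common character substitutions."""
    return pw.lower().translate(LEET)


def check_password(candidate, previous=(), words=SAMPLE_WORDS):
    """Return the criteria the candidate fails; an empty list means it passes."""
    failed = []

    # At least 12 characters long.
    if len(candidate) < 12:
        failed.append("length")

    # Uppercase and lowercase letters, numbers, and symbols.
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in candidate) for cls in classes):
        failed.append("character mix")

    # Not a dictionary word: drop digits/symbols padded onto either end,
    # then undo substitutions, so "P@ssw0rd2024!!" is seen as "password".
    core = candidate.strip(string.digits + string.punctuation)
    if normalize(core) in words:
        failed.append("dictionary word")

    # Completely different from previous passwords. The 0.6 threshold is an
    # assumption; this only works where old passwords are available locally
    # (for example inside a password manager), not against stored hashes.
    norm = normalize(candidate)
    if any(SequenceMatcher(None, norm, normalize(old)).ratio() >= 0.6
           for old in previous):
        failed.append("similar to previous")

    return failed
```

A password that merely bumps a year or appends symbols to a common word satisfies the length and character-mix rules yet still fails the last two checks.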