New Accounts Default to Passkey Login, Phasing Out Passwords
As reported by Bleeping Computer, Microsoft has announced that all new accounts will now be passwordless by default, reinforcing its push to eliminate passwords and enhance protection against common threats like phishing, brute force, and credential stuffing.
This change follows the rollout of updated sign-in and sign-up experiences across Microsoft’s web and mobile platforms earlier this year. The redesigned user experience prioritizes passwordless and passkey-first authentication, streamlining access while reducing reliance on passwords.
Moving Towards FIDO-Based Credentials
New accounts will be set up with passwordless authentication from the start, without requiring users to create or enroll a password. Instead, users will be guided to use secure alternatives such as biometrics or device-based credentials. Once signed in, users will be prompted to register a passkey, a FIDO-based credential that uses fingerprint or facial recognition, which will then become the default sign-in method moving forward.
Microsoft automatically enables the most secure passwordless option for each new account, and existing users have the option to remove their passwords through account settings. Early testing showed that the new experience has already led to a significant reduction in password use.
The move is part of Microsoft’s broader commitment to phasing out password-based authentication. As a board member of the FIDO Alliance, Microsoft has been actively involved in promoting passkeys as a universal, more secure alternative. Support for passkeys was first introduced for personal Microsoft accounts last year, along with native integration into Windows Hello in the Windows 11 22H2 update.
More recently, Microsoft began testing updates to the WebAuthn API, allowing third-party passkey providers to be used for passwordless login on Windows 11 systems. The company expects password use to continue declining as more users adopt passkey authentication, with the long-term goal of eliminating passwords altogether.
Microsoft Follows Industry-Wide Shift
Microsoft’s move reflects a wider industry shift away from traditional passwords in favor of passkeys and biometric authentication. Google recently announced that over 400 million accounts now use passkeys, with more than a billion passwordless sign-ins recorded, while Apple and Amazon have also rolled out similar features across their ecosystems.
The FIDO Alliance, which promotes passkey adoption, estimates that over 15 billion user accounts now support passwordless authentication. With growing consumer awareness and enterprise adoption, passkeys are quickly becoming the standard, offering faster logins and significantly stronger protection against phishing and credential theft.
