My passwordless journey with Microsoft Account

I have been using passwordless on my org account for a while. I’m focusing on password removal for Microsoft Account using the Microsoft Authentication app and a FIDO2 certified device.

I won’t spend time to say why securing identity and access to services is more relevant than ever; thousands of articles have been written on this topic.

On September 15th Microsoft announced: “you can now completely remove the password from your Microsoft account. Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favorite apps and services.

Add personal Microsoft account to the Microsoft Authenticator App

If you don’t already use Microsoft Authenticator App, refer to following instructions:

https://support.microsoft.com/en-us/account-billing/add-personal-microsoft-accounts-to-the-microsoft-authenticator-app-92544b53-7706-4581-a142-30344a2a2a57

Password removal for Microsoft Account using Microsoft Authenticator App

First of all, go on “My Profile” page after authentication to a Microsoft service.

Click on Security, then visit “Advanced Security Options

Advanced Security Option

Click on “Passwordless account” and “Setup you passwordless account

Set up passwordless authentication

Now it’s time to Approve request through your Authenticator App:

Approve request

Finally you’ve just removed your password. You can now sign in to your account by approving a notification from your mobile device.

It’s all set!

You will get notification email:

Notification Email

Now you are going passwordless :)

Password removal for Microsoft Account using FIDO2 Security Key

You have another option to enable passwordless authentication for Microsoft Account, it’s based on FIDO2 security key.

FIDO2 is an open authentication standard, hosted by FIDO Alliance. FIDO2 enables users to leverage commond devices to easily autenticate to online services.

A good starting point to understand how FIDO works is here.

I’ve been using a Feitian FIDO2 security key: K33 model

Feitian K33

This device supports NFC standard, Biometric and Bluetooth.

In order to use Biometric FIDO2 security key, you need to enroll your fingerprints via USB cable and dedicated software: BioPass FIDO2 Manager.

First of all, set your security PIN.

Set up PIN

Next step is about registering you fingerpints.

Adding fingerprint

Going back on My Profile page to set up your Microsoft Account, click on Security, then visit “Advanced Security Options

Click on “Add a new way to verify or sign in” and select “Use a security key

I’ve associated my FIDO2 key using bluetooth, so next step is “Set up your security key

Security key setup

Final step is to try logging in using security key.

At authentication promp click on “Access with Windows Hello or a Security Key” and go thorugh biometric verification step.

passwordless login

Enjoy your passwordless journey.

In the next article I will focus on how to leverage FIDO2 devices in an enterprise context with org accounts.

Stay tuned.

Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store