Going passwordless

Sign-in screen with different options.

We all use Windows differently, but if there’s one thing most of us have done countless times, it’s entered a password on the lock screen. Protecting our devices and data with a password has long been a part of the Windows experience. But times have changed, passwords have become vulnerable. Now Windows offers a more secure and simple sign-in experience, without passwords.

So how have our passwordless sign-in options gotten to where they’re at now, and how are Windows Insiders helping us determine what’s next? Let’s take a look!

Moving beyond passwords

What makes a password vulnerable? First, passwords are stored on external servers, making it possible for them to get stolen. Some users are tricked into handing over passwords through phishing scams. Once hackers have those passwords, they can use them to sign into an account from anywhere. This makes even complex passwords less secure than you might think.

Microsoft has already developed several password alternatives that are more secure and easier to use. Most Windows fans will already be familiar with one of the most important ones, Windows Hello. Introduced with the first release of Windows 10, Windows Hello replaces passwords with strong two-factor authentication on your devices. This authentication uses a face, fingerprint, or PIN that is tied to a specific device. (Learn more about why a PIN is better than a password.)

We also introduced the Microsoft Authenticator app, which lets you authenticate your Microsoft account without a password through an app on your tablet or phone. For an extra layer of security, you can also turn on two-step verification, all from a simple app on your mobile device.

Another password alternative, now you can use a Microsoft-compatible security key along with Windows Hello to sign into your account. This is particularly useful for business users. Carry your key on a USB stick, walk up to any device belonging to your organization, and authenticate securely. Learn how to set up a security key.

As we continue to evolve the sign-in experience, we’ve invited Windows Insiders along for the ride by releasing exciting, new innovations through Windows 10 Insider Preview builds.

Protect your device by going passwordless

While Windows Hello makes for an easier sign-in experience, it doesn’t eliminate the password option from your device. With this latest feature, currently available in all Fast ring builds, you can remove the password option entirely, further protecting your device from potential hackers.

Simply turn on Require Windows Hello sign-in for Microsoft accounts, which you’ll find in the latest Fast ring builds under Settings > Accounts > Sign-in options.1 All the places on your device where you use your Microsoft account and password (even your apps and browsers) will automatically switch to modern multi-factor authentication with Windows Hello face, fingerprint, or PIN.

As we rolled this feature out to Insiders, we were happy to see that almost all of you kept the feature running once you’d tried it. Seems that our community is liking going passwordless as much as we do!

 

Sign-in options screen with 'Require Windows hello sign-in for Microsoft accounts' toggled on.
Sign-in options in Settings now includes a new, Windows Hello passwordless option.

Sign in to websites without a password

This feature laid the groundwork for the passwordless options by letting you sign into websites with your Windows Hello face, fingerprint, PIN, or FIDO2 security keys, that are compatible with Microsoft’s implementation.

Microsoft Edge was the first browser to natively support Windows Hello, an update that we introduced to Windows Insiders with this test drive demo.

Thanks to all of you who shared feedback and helped refine this experience!

Lock your device automatically

A feature called Dynamic Lock was one of the first sign-in innovations that we rolled out exclusively to Windows Insiders. While not specific to passwords, it does help if you ever forget to lock your device.

Here’s how it works: Pair your phone to your device using Bluetooth, and if you step away without locking it, Dynamic Lock will lock your device for you as soon as your phone is out of range.

Your ongoing feedback has helped us make ongoing improvements, including making the feature instantly searchable. You can find Dynamic Lock in Settings > Accounts > Sign-in options.

A better Sign-in options experience

We simplified the Settings > Accounts > Sign-in options page by creating one at-a-glance list, then adding more details about each option and how to set them up. Just select each option to learn more.

A few Insider Preview builds later, we also added an option to set up a security key straight from Settings. The new design was part of our goal to help you choose the safest and fastest sign-in option for your needs.

Sign in with just a phone number

This option was initially added to the Windows 10 Home edition of Insider Preview builds. Then, after some bug fixes based on Insider feedback, we introduced it to all Insider Preview builds, before releasing it publicly.

Get setup details in this article  and give it a try. Then let us know what you think in the Feedback Hub.

 

Forgotten pin screen with different options.
You can now easily recover a forgotten PIN above the lock screen.

An easier way to recover a Windows Hello PIN

We know that you sometimes forget your Windows Hello PIN, so we streamlined the I forgot my PIN experience on the Windows lock screen. Just like when you sign-in for the first time, you can use the Microsoft Authenticator app instead of a password to reset your PIN.

We introduced this feature in the Insider Preview Home Edition and fixed some early bugs based on feedback, before rolling it out to all builds.

What’s next

And our passwordless journey doesn’t end there. Just last week, we introduced Windows Hello PIN sign-in support to Safe mode in Build 18995. (Safe Mode is a startup mode used to help troubleshoot issues.)

We hope Insiders like you will continue to join us. Check out our flight blog posts for news on more feature updates. Then go to the Feedback Hub to submit any issues or suggestions under the Security and Privacy category. As usual, we look forward to your feedback!

 

1. On Insider Preview builds before 19002, this option is labeled “Make your device passwordless.”