Inspired by Insiders—Going passwordless

Login stcreen

We all use Windows differently. But if there’s one thing most of us have done countless times, it’s entering a password at the lock screen. Protecting our devices and data with a password has long been a part of the Windows experience. But times have changed, passwords have become vulnerable—and Windows now offers a simpler, more secure sign-in experience without passwords.

This article takes you on our journey with Windows Insiders to transform Windows into a passwordless platform, including the most recent passwordless features (more details about those in a moment). But first, let’s tackle a basic and increasingly important question: what makes a password vulnerable?

There are several issues: First off, passwords are stored on external host servers, making them vulnerable to theft. Users inadvertently hand over passwords through phishing scams.  And once hackers have those passwords, they can use them to sign into an account from anywhere. This makes even complex passwords less secure than many people realize.

Getting beyond passwords

Microsoft has already developed several password alternatives that are more secure and easier to use.

Most Windows fans will already be familiar with one of them: Windows Hello. Introduced with the first release of Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that uses a face or fingerprint biometric or PIN that is tied to a specific device. (See why a PIN is better than a password.)

We also introduced the Microsoft Authenticator app, enabling you to authenticate to your Microsoft account without a password using your tablet or mobile phone. For an additional layer of security, users can enable two-step verification—all in a simple app on your mobile device.

And yet another password alternative: security keys. Along with Windows Hello, you now can use a Microsoft compatible security key to sign into your Microsoft account. This is particularly useful for business users who can carry their key on a USB stick, for example, walk up to any device belonging to their organization and authenticate securely. Learn how to set up a security key.

As we continued to evolve the sign-in experience, we’ve invited Windows Insiders along for the ride—by releasing exciting, new innovations through Windows 10 Insider Preview builds. Let’s dig into a few of the highlights:

Protect your device by making it passwordless

While Windows Hello makes for an easier sign-in experience, it doesn’t eliminate the password option from your device. With this latest feature—currently available in all Fast ring builds—you can now remove the password option entirely, further protecting your device from potential hackers.

Simply turn on “Require Windows Hello sign-in for Microsoft accounts” (which you’ll find in the latest Fast Ring builds under Sign-in options).1 All the places on your device where you use your Microsoft account and password (even your apps and browsers) will automatically switch to modern multifactor authentication with Windows Hello Face, Fingerprint, or PIN.

As we rolled this feature gradually out to Insiders, we were happy to see that almost all Insiders kept the feature running once they tried it. Seems that our community is liking passwordlessness as much as we do!

 

Sign-in options screen with 'Require Windows hello sign-in for Microsoft accounts' toggled on.
A simplified Sign-in options screen includes a new, Windows Hello passwordless option.

Sign into web sites without a password

This feature laid the groundwork for the passwordless option above, enabling users to sign into web sites with their Windows Hello face, fingerprint, PIN, or FIDO2 security keys that are compatible with Microsoft’s implementation. Microsoft Edge was the first browser to natively support Windows Hello—an update that we introduced to Windows Insiders with this test drive demo. Thanks to all those Insiders who and shared feedback and helped refine this experience!

Lock your PC automatically

A feature called “Dynamic Lock” was one of the first sign-in innovations that we rolled out exclusively to Windows Insiders. While not specific to passwords, it does help if you ever forget to lock your PC or tablet. Here’s how it works: Pair your phone to your device using Bluetooth and, if you step away without locking it, Dynamic Lock will lock your device for you as soon as your phone is out of range. Your ongoing feedback has helped us make ongoing improvements, including making the feature instantly searchable. You’ll find Dynamic Lock in Sign-in options.

A better Sign-in options experience

We simplified the Sign-in options settings page by creating one, at-a-glance list and adding more details about each option and how to set them up. (Simply click each option to learn more). A few preview builds later, we also added an option to set up a security key straight from Settings. The new design was part of our aim to help you choose the safest and fastest sign-in option for your needs.

Sign in with just a phone number

This option was initially added to the Windows 10 Home edition of Insider Preview builds. Then, after some bug fixes based on Insider feedback, we introduced it to all Insider Preview builds before releasing it publicly. Check this article for set up details and give it a try. Then let us know what you think in the Feedback Hub.

 

Forgotten pin screen with different options.
You can now easily recover a forgotten PIN above the lock screen.

An easier way to recover a Windows Hello PIN

We know that users occasionally forget their Windows Hello PIN, so we streamlined the “I forgot my PIN” experience above the Windows lock screen. Just like first time sign-in, you can use the Microsoft Authenticator app instead of a password to reset your PIN when signing in. We introduced this feature in the Insider Preview Home Edition and fixed some early bugs based on feedback before rolling out to all builds.

And our passwordless journey doesn’t end there. Just like week, we introduced Windows Hello PIN sign-in support to Safe mode in Build 18995. (Safe Mode is a startup mode used to help troubleshoot issues.)

We hope Insiders like you will continue to join us. Check the Insider blog for news on more feature updates. Then go to the Feedback Hub (under Security and Privacy) to submit any issues or suggestions. As usual, we look forward to your feedback.

SHAPE THE FUTURE OF WINDOWS—BECOME AN INSIDER

PREVIEW THE NEXT EVOLUTION OF WINDOWS

 

1. On Insider Preview builds (Fast ring) before 19002, this option is labelled “Make your device passwordless”.