Microsoft accounts can go passwordless, making “password123†a thing of the past - Ars Technica
Microsoft has been working to make passwordless sign-in for Windows and Microsoft accounts a reality for years now, and today those efforts come to fruition: The Verge reports that starting today, users can completely remove their passwords from their Microsoft accounts and opt to rely on Microsoft Authenticator or some other form of verification to sign in on new devices.Microsoft added passwordless login support for work and school accounts back in March, but this is the first time the feature has been offered for regular, old individual Microsoft accounts.
Even if you protect your Microsoft account with two-factor authentication, an attacker who knows your Microsoft account password could still try that password on other sites to see if you've reused it anywhere.
Microsoft has offered passwordless authentication for Windows 10 and Microsoft accounts for a while now, and if you're already taking advantage of those features, nothing about how you sign in to your devices has to change.You just need to visit the Microsoft Account site, go to the Security tab, select "Advanced security options," and turn on the passwordless account feature to remove your password entirely.