Fed up with juggling and trying to remember passwords for all your accounts? You can now go passwordless on your Microsoft account - we show you how
Security experts generally agree that passwords are, at best, an imperfect way of securing an online account. Most of us have dozens, if not hundreds, of logins, and it's well nigh impossible to think up secure passwords and then remember them all.
Some of us outsource generating and managing our passwords to password manager software, but nonetheless, many others still use their pet's name, their football team's name or some other piece of personal information that's all too easy to deduce via social media.
Tech tips you can trust - get our free Tech newsletter for advice, news, deals and stuff the manuals don’t tell you
It's not surprising, then, that it's tempting to just use a handful of passwords across all your websites, but that makes things worse: hackers use a technique called credential stuffing, where they automatically try thousands of passwords on thousands of accounts at a time. If you use the same password on multiple sites, you're much more likely to have those accounts hacked. As Bret Arsenault, chief information security officer at Microsoft says, "hackers don't break in, they log in".
Go passwordless on your Microsoft account
Microsoft has put its money where its mouth is and has now enabled passwordless login for all Microsoft accounts, and it's easy to set up.
First, log in to your Microsoft account here. Then on the first window, click Security in the blue bar at the top.
On the next screen, choose Advanced security options.
On the next screen, scroll down to Passwordless account and click Turn on.
You'll be shown a QR code, which you need to scan with the Microsoft Authenticator app.
If you haven't already downloaded the Microsoft Authenticator app on to your phone or tablet, now is the time to do so. Note that this doesn't work with any other authenticator app: if you already have one such as Authy installed, you'll still need to install Microsoft Authenticator.
Once you've installed the app, open it, and then tap the three dots at the top and tap + Add account and then scan the QR code with the app. You might need to grant it permission to access your photos and storage: it's fine to allow this.
Want some more help with passwords? Our friendly tech team can help you with one-to-one support on a range of tech issues. Find out more here.
Once that's done, you'll need to approve the request on your phone that pops up from the app.
Next time you log in to your Microsoft account, instead of being presented with a password field, you'll be shown a message to approve a prompt from the app on your phone.
You can choose instead to enter your password when you go to sign in to your Microsoft account, but be aware that that turns off the passwordless option for subsequent logins. You'll need to turn it on again using the steps above if you want to re-enable it, and you'll need your phone with the Authenticator app on it to approve the switch.
What if I don't have access to the Authenticator app when I log in?
If you don't have your phone with you when you try to log in to your Microsoft account, click on I don't have access to my Microsoft Authenticator app.
You'll then be offered the choice of having a recovery code sent to you in an email sent to a back-up account you've previously registered on your Microsoft account, or sent to you by SMS.
If you can't access the code that's sent to you via email or SMS, click I don't have any of these, and you'll be asked for a recovery code. If you haven't got that, you'll need to go through the Recover your account process.
For advice on how to create strong passwords, click here