Microsoft kills off passwords with Authenticator's new phone logins

With Microsoft's updated Authenticator app, you'll be able to sign in to Microsoft accounts without having to remember complicated passwords.
Written by Liam Tung, Contributing Writer

Just hit 'Approve' to sign in to a Microsoft account from your phone.


Microsoft has rolled out an update to its Authenticator app for iOS and Android that lets you sign in to Microsoft accounts without using a password.

The update to Authenticator should shave a few seconds off signing into Outlook or other Microsoft accounts, and make life easier for those who've picked long, hard-to-remember passwords such as ones created by a password manager.

Previously, Microsoft Authenticator, like Google's Authenticator, has been used to generate one-time codes for two-factor authentication sign-in.

Now Microsoft Authenticator can be set up with Microsoft accounts so that users can sign in by tapping an 'approve' notification that's displayed on the phone when signing in on the web. To approve the sign-in, the phone must be unlocked.

If you're signing in from a browser on the phone, the login page will display a two-digit number. The Authenticator app presents three two-digit combinations and asks you to confirm the correct one.
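The number-matching step described above, sketched from the server's side as an added example; it is not Microsoft's code. The class name, the 60-second lifetime and the single-use rule are assumptions made for illustration.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


class NumberMatchChallenge:
    """One sign-in attempt: the login page shows `expected`,
    the phone app shows `options` and the user taps one of them."""

    def __init__(self, now=None):
        rng = secrets.SystemRandom()  # CSPRNG, so the number is not predictable
        # Three distinct two-digit numbers, one of which is the real one.
        self.options = rng.sample(range(10, 100), 3)
        self.expected = rng.choice(self.options)
        start = time.time() if now is None else now
        self.expires_at = start + CHALLENGE_TTL
        self.used = False

    def verify(self, chosen, device_unlocked, now=None):
        """Return True only for a fresh, unexpired, correct tap on an unlocked phone."""
        now = time.time() if now is None else now
        if self.used:
            return False          # replayed or second attempt
        self.used = True          # a wrong tap burns the challenge too
        if not device_unlocked:
            return False          # the article: the phone must be unlocked
        if now > self.expires_at:
            return False          # stale notification
        # Constant-time comparison of the tapped number with the displayed one.
        return hmac.compare_digest(str(chosen), str(self.expected))


if __name__ == "__main__":
    c = NumberMatchChallenge()
    print("login page shows:", c.expected, "| app offers:", c.options)
    print("correct tap accepted:", c.verify(c.expected, device_unlocked=True))
    print("same challenge reused:", c.verify(c.expected, device_unlocked=True))
```

Because a wrong tap consumes the challenge, a user who approves a prompt they did not start has at most a one-in-three chance of picking the number shown on the attacker's login page.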

Users will see a new option on the sign-in page to use Authenticator for a Microsoft account. On iPhones with Touch ID, Authenticator will ask the user to confirm the approval by pressing the home button's fingerprint reader.

Microsoft's Identity division argues the new sign-in is easier for users and more secure than using a password alone since, as with two-factor authentication, an attacker would need to have possession of the phone.

"This process is easier than standard two-step verification and significantly more secure than only a password, which can be forgotten, phished, or compromised," said Alex Simons, director of program management at Microsoft's Identity Division.

"Using your phone to sign in with PIN or fingerprint is a seamless way to incorporate two account 'proofs' in a way that feels natural and familiar," he added.

If users wish to keep using a password, there is an option to switch back, and Microsoft will remember the preference for the next sign-in.

The feature is available for Authenticator on iOS and Android, but not Windows 10 Mobile. Simons said Microsoft has prioritized support for iOS and Android because Windows 10 Mobile makes up less than five percent of the active users of its Authenticator apps.

"If/when it becomes a big success on those high-scale platforms, we will evaluate adding support for Windows Phone," he said.
