Microsoft has just confirmed a major shift in how over 1 billion users will access their accounts: traditional passwords are being phased out for good. In a clear and urgent message, the company now urges everyone to remove passwords entirely and switch to passkeys, a more secure and faster method of authentication.
“The password era is ending,” Microsoft declared. With 7,000 password attacks blocked every second—nearly double the rate from just a year ago—the company is pushing for a global shift toward passwordless security. And it’s happening fast.
What’s Changing and When?
By the end of April 2025, most Microsoft account users will begin seeing new login and sign-up experiences across web and mobile apps. These changes are designed around one goal: to eliminate the need for passwords entirely.
From now on, when signing up for a new account, users will simply enter an email address and verify it with a one-time code—no password creation required. That email becomes your new default login credential. After that, users can set up a passkey, a more secure and faster alternative to passwords.
Microsoft confirms that passkeys will become the default sign-in method wherever possible. According to the company, passkeys are not only more secure but also three times faster than typing in passwords.
Why Passkeys and Not Just Stronger Passwords?
Microsoft is blunt: passwords are a problem. They can be guessed, stolen, reused, and phished. And keeping them around—even as a backup—continues to expose users to risk.
“Even if we get our more than one billion users to enroll and use passkeys,” the company explains, “if a user has both a passkey and a password that grant access to an account, the account is still at risk for phishing.”
In an age where AI-driven scams and phishing attacks are becoming more advanced and frequent, Microsoft believes it’s no longer enough to simply add security layers like two-factor authentication (2FA). The only way to eliminate the threat is to remove the password entirely.
Already, millions of users have deleted their passwords, and Microsoft says this is just the beginning. Their ultimate goal is to have Microsoft accounts that support only phishing-resistant credentials like passkeys.
Is the Rest of the Tech World Keeping Up?
While Microsoft is moving fast, other tech giants aren’t all on the same page. Google, for instance, still allows passwords to remain as a backup login option, which Microsoft warns leaves a critical vulnerability in place. Without full commitment to password deletion, users remain exposed to the very attacks passkeys are designed to prevent.
Security companies are also backing this move. Authentication provider HYPR recently stated that passkeys—particularly those based on the FIDO standard—are on track to become the most widely used login method within two years.
What’s Next for You?
If you use a Microsoft account, expect to see login changes soon. You’ll be encouraged to remove your password, verify your email, and set up a passkey. This small step can have a major impact on your security.
Microsoft’s message is loud and clear: It’s time to stop relying on passwords, once and for all. Now it’s up to other platforms—and users everywhere—to follow.
Prepared by Navruzakhon Burieva
