Microsoft sets all new accounts passwordless by default


Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security.

Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks.

“As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be ‘passwordless by default,’” states the company’s announcement. “New users will have several passwordless options for signing into their account and they’ll never need to enroll a password. Existing users can visit their account settings to delete their password.”

Microsoft has revamped its login system to favor passwordless options, automatically choosing the most secure method available, such as one-time codes or passkeys, and prompting users to set up passkeys for stronger protection.

Microsoft is pushing towards a passwordless future with passkeys, with nearly 1M now being registered daily. The IT giant states that passkey users log in 3x more successfully and 8x faster than those using passwords. New accounts are passwordless by default, and sign-in flows prioritize secure, easy methods like one-time codes and passkeys. These changes also aim to improve the user experience while phasing out passwords.

“Instead of showing you all the possible ways for you to sign in, we automatically detect the best available method on your account and set that as the default. For example, if you have a password and “one time code” set up on your account, we’ll prompt you to sign in with your one time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey.” continues the announcement. “This simplified experience gets you signed in faster and in our experiments has reduced password use by over 20%. As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether.”

Microsoft states that the password era is nearing an end. With over 15 billion user accounts now able to use passkeys, according to the FIDO Alliance, the move toward a passwordless future is accelerating. To mark World Passkey Day, individuals are encouraged to take the first step by securing at least one account with a passkey. This shift not only protects against unauthorized access but also makes signing in quicker, easier, and far more secure.

Pierluigi Paganini

(SecurityAffairs – hacking, passwordless by default)