Passwordless Microsoft Account question


I’m interested in going passwordless with my MS account, but I can’t get my head around something, and that is what happens if the phone or device that I have MS Authenticator set up on breaks or I lose it? How do I get back into my account if I have no password, no SMS number and now no authenticator app? I think I am missing something.


9 responses to “Passwordless Microsoft Account question”

  1. jimchamplin

    That recovery key they give you is the answer to that. Generally you can go to your security settings and look at your recovery keys. Print them and put them in a secure location like your personal safe.

  2. unit682

    Hello Paul, you probably already know that MS Edge mobile received an update on Android today or yesterday. It's much better now. I like it more than Chrome.

  3. max daru

    I ordered a FEITIAN ePass K40 for $24.00 from Amazon and will try it out when it arrives. I suppose you could instead have a cheap Android phone as a backup device with the Authenticator app installed.


    I've not tried using the recovery key method. Per Jim's suggestion I've printed it out.

    • wright_is

      I've been using a Yubikey (4 or 5) for the last several years to protect my MS, Google and various other accounts, in addition to the password or authenticator.


      If you get a key, get 2! I always have one on me and another tucked away in my safe at home. If I lose one, I can log on with the other and delete the lost key.


      I haven't deleted my password yet, it is on my to-do list for today. I want to see if I can set up the 2 factor to require the authenticator + the key.

  4. navarac

    I get bothered by this acceleration down the mountainside - aka put all your data on a smartphone. There are a lot of people without one and with the prospect of data loss when the phone is stolen, it is a nightmare. It also gives scroats another reason to pinch the phone.


    In the UK, they are considering putting Driving Licenses on a phone. They have your name/address, DoB etc etc on. Lose the phone and you may as well forget about securing this info by shredding documents.

    To me, it is putting all of your eggs (data) in one basket and it is a recipe for disaster.

    • wright_is

      We are getting electronic prescriptions, here in Germany, and an electronic patient folder going forward (the prescriptions are on trial at the moment, the ePA (ePatient-Akte) should come next year).


      I think the ePrescription is a good idea and the ePA is protected with your medical insurance card (NFC), which is needed to authenticate the app, to access your data.


      The idea is, you have full control of the patient data. A new doctor or specialist then sends you a request and you can give him access to your patient data or specific information (or block him from seeing specific information). For example, if you are going to a chiropractor for a slipped disc, the information about your back and your physiology in general is useful, but he doesn't need to know about your psychological problems.


      There is also talk about letting the patient decide, whether they want to release some or all of their information for medical research - there is also talk of a fee for this (the patient will get up to 200€ for allowing access to their information). But that is all still "Zukunftsmusik" (for a future date, or literally future music).


      Given what a crap job the Gematik (the project group responsible for connecting up the doctors' practices in Germany and for the above mentioned systems) has done in setting up the doctors' network so far, I doubt it will appear on time.

  5. geoff

    Use Windows Hello on the PC (if it has a TPM) and you don't need to use a smartphone with Authenticator as well when you log in to the PC.

    Hello can be PIN, facial recognition, fingerprint recognition or some weird picture swiping routine (which requires a touchscreen, obviously). And Hello only works on the specific PC it was set up on. It can't be used to log on to another unknown PC.


    The Authenticator App on a smartphone is the backup to that. You don't need it every day.

    You *DO* need Authenticator to set up a new PC for the first time.


    If you lose your phone and your PC at the same time, and if you don't have Hello set up on another PC . . .

    Make sure you have your recovery keys saved away somewhere.

    Or follow the security steps to get a security code emailed to the secondary email address that you set up when going passwordless.


    It seems like we've been heading this way for years, but 'passwordless' is now - finally! - practical.

  6. mi1984

    Recovery keys sound like passwords to me. And as I recall, people get locked out when services are down.

  7. mi1984

    Making it easier to get locked out is a security problem too.
