Blog Post
New user experience for consumer authentication
This is getting ridiculous.
I have to jump through multiple hoops to sign in. It's easy to make passkeys faster if you throw down roadblocks for people who want to log in with their password by hiding the option somewhere at the bottom of a submenu instead of making it the default option as it should be.
Robin Goldstein: Why are you so keen on destroying users' ability to get into their own account securely? Why are you working to delete user data without permission by the end of the month? Why are you claiming a device PIN is more secure than a long and random password? And why are you trying to force users to put their biometric data at risk?
Are you really that keen to overrun the support team and lose a billion users in a month's time?
- Robin Goldstein, Apr 03, 2025, Former Employee
shommes Thanks for reading our update. We care deeply about customer experience and will continue to invest with user feedback and data as a guide. The user research referenced in the post is based on observing users who must use passwords vs. users who decide to use passkeys instead. Device pins and faceID's do not sync to the cloud. Customers who have passwords on their accounts are welcome to keep using them; we are not deleting passwords or data as a part of these changes. Thanks!
- shommes, May 03, 2025, Copper Contributor
"Device pins and faceID's do not sync to the cloud."
That's not the point. The point is that requiring me to store biometric data on my device means it can be stolen (and become the victim of identity theft) when I shouldn't have to use it to begin with.
- The login experience is optimized for people who log in without passwords instead of being optimized for the method someone actually uses. That is hostile design. I shouldn't have to click through all the passkey nonsense because you can't be bothered to optimize for passwords. You are designing the login experience to be hostile to password users on purpose hoping to convince people to switch to another method when you should be designing with the user's preference at the core.
- We now also have reports that new accounts will no longer support passwords starting in June 2025. Again, hostile design. We should be able to log in normally.
- The reliance on passwordless has accessibility issues for people who can't use faceID or fingerprints.
It is clear to me that Microsoft only cares about people who agree with their current approach to "security". Unless something changes drastically, I will switch to Linux when Windows 10 is unceremoniously slaughtered in October. At that point there is nothing left to stick around for: just an inferior OS stuffed with AI spyware and an inferior login method that isn't securing any account data and actively tries to lock out the user who should have access.
- shommes, Apr 04, 2025, Copper Contributor
A lot of news outlets are claiming Microsoft is deleting passwords, so it would help a lot of people if you are open about the process and let people know they don't have to fear losing their passwords yet. That said, you have already told people Microsoft's goal is to get rid of passwords eventually and that is a bad thing, especially when you're not transparent about the timeline on it.
As for the login experience: Why does it have to be a one-size-fits-all experience? I'm not using passkeys, so why can't you just check my account settings, realize I'm not using them and then skip all the unnecessary passkey screens (and put my username and password on the same screen to avoid unnecessary clicks)?