Microsoft's new "passwordless by default" is great but comes at a cost

&gt; Microsoft has made Authy, Google Authenticator, and similar apps incompatible, a choice that needlessly inconveniences users and undermines the whole “passwordless by default” marketing message.<p>Welp.

It also means that by default you will no longer be able to RDP from one Windows PC to another on your LAN or mount it as a network drive, as neither of these functions works with a passwordless Microsoft account. Even Microsoft&#x27;s new &quot;Windows App&quot; cannot establish RDP connections between Windows systems on your local network.

This has been possible on my business M365 like forever. But yeah they&#x27;re pushing their own authenticator too which is annoying. It&#x27;s Microsoft&#x27;s way though. Always locking you in. Same with ms365 web which never works properly in Firefox.

If you lose your devices because of a car theft for example, you lose access to everything. Everything!<p>Authenticator needs a login. Logins are only through logged in devices. All logged in devices are stolen. Backup?

According to current docs all business-oriented Microsoft Entra ID accounts support only <i>device-bound</i> passkeys. So the Microsoft Authenticator app isn’t absolutely required, a FIDO2 hardware token like a Yubikey or even TPM-backed Windows Hello is supposed to work for these passkeys too.<p>Software-based “syncable” passkeys (such as Bitwarden) have been on the roadmap for 18+ months but are still not available for business MSFT Entra ID accounts for some reason.

&gt; Left out of Microsoft’s announcement is that even after users create a passkey, they can’t go passwordless until they install the Microsoft Authenticator app on their phone. Microsoft has made Authy, Google Authenticator, and similar apps incompatible, a choice that needlessly inconveniences users<p>I was wondering how I managed to get locked out of my Microsoft account when using Authy. It just fails now.

There’s a way to use standard TOTP verification codes with Microsoft Accounts but the last I remember is that it was a pain in the butt to do.

Eventually we all have an extra phone, used for banks, authenticators, gov stuff, that never leaves home and has a different account on it.

So its not great.

I’m forced to use it for work, it’s absolutely not great