Microsoft announced that all of its accounts (Outlook, Xbox, Azure, etc) can now be accessed without a password. Which means you’ll be able to log in by using a combination of fingerprint/facial recognition, Microsoft’s authenticator app, and a verification code sent to your phone/email.
What does that really mean? Is your smartphone going to hold the keys to the kingdom moving forward? What if you lose your phone though? Or your SIM card gets hacked/swapped?
If your phone number is compromised, email password can be most likely reset using the “forgot your password” option. If you are able to gain access to both (email and phone) then everything else can be reset as well from there. Cell phone companies have to invest a lot more into cybersecurity if that is the case. Data breaches are simply not even an option at that point.
More information below:
https://www.techrepublic.com/article/you-can-now-eliminate-the-password-for-your-microsoft-account/