The latest Insider build of Windows 10, 18309, expands the use of a thing that Microsoft has recently introduced: passwordless Microsoft accounts. It’s now possible to create a Microsoft account that uses a one-time code delivered over SMS as its primary authenticator, rather than a conventional password.
In the new Windows 10 build, these passwordless accounts can be used for logging into a machine locally. The initial sign-in will use SMS, and it will then prompt you to configure biometric or PIN authentication. Your face, fingerprint, or PIN will be used subsequently. This capability is in all the editions, from Home up to Enterprise. A few previous builds had constrained it to Home only.
While SMS-based authentication has security issues of its own, Microsoft seems to feel that it’s a better bet for most home users than a likely insecure password. Removing the Windows login password is part of the company’s broader efforts to switch to using a mix of one-time passwords, biometrics, and cryptographic keys.