Since 15 Sep 2021, all Microsoft customers have been able to benefit from “passwordless” accounts, allowing them to transition from using traditional credential combinations to signing in solely via phone- or email-based applications. This change is highly likely to affect the cyber-threat landscape by mitigating many common credential-based attacks. But only time will tell how many people adopt the new feature, and how many remain committed to using the traditional username-password authentication system. Although Microsoft’s move represents a breakthrough in the way its users log in, threat actors will adapt their techniques to accommodate the elimination of password logins.