How to make your PC passwordless in the Windows 10 May 2020 Update


You don’t need an account password to sign into Windows 10 version 2004.


Microsoft has long offered its Windows Hello feature to let you sign into your Windows 10 PC with a PIN, fingerprint, or facial recognition. But when you’re at the login screen, you’ll notice that signing in with a password is still available. That’s fine if you want your password as a backup method for authentication, but if a hacker ever compromises your Windows password and gains access to your computer, they could easily sign in with your account. One way to guard against this is to remove the password option from the login screen in Windows 10. You can do that with the Windows 10 May 2020 Update, aka Windows 10 2004. Here are the steps.

SEE: Windows 10 Start menu hacks (TechRepublic Premium)

First, make sure you’re running Windows 10 version 2004. To check, go to Settings | System | About. Look in the section for Windows specifications. If the version says 2004 or higher, you’re set (Figure A).

Figure A

If you don’t have Windows 10 2004 and want to install it, go to Update & Security and Windows Update. If the Feature Update To Windows 10, Version 2004 is ready for your PC, click the Download And Install link to apply it (Figure B).

Figure B

After the update is installed, make sure you’ve enabled some means of Windows Hello authentication so you don’t need to rely on your Windows password. If necessary, go to Settings | System | Sign-in Options. If you haven’t already done so, set up a PIN, or a fingerprint, or facial recognition (Figure C).

Figure C

Scroll down the Sign-in Options screen. Make sure the switch for Require Windows Hello Sign-in For Microsoft Accounts is turned off (Figure D).

Figure D

Sign out of Windows and then go back to the sign in screen. Click the link for Sign-in Options. Select each of the icons and notice that the option for password is available as usual (Figure E). Sign into Windows using your preferred method.

Figure E

Go to Settings | Account | Sign-in Options. Scroll down the screen and turn on the switch for Require Windows Hello Sign-in For Microsoft Accounts (Figure F).

Figure F

Sign out of Windows. Back at the sign-in screen, click the link for Sign-in Options. Select each of the icons, and you’ll find that the option for password is now no longer accessible (Figure G).

Figure G

Microsoft Weekly Newsletter

Be your company’s Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets.
Delivered Mondays and Wednesdays

Sign up today

Also see

How to set up passwordless SSH authentication for Ubuntu Server


Learn how to enable passwordless SSH authentication on both Linux and macOS.

Image: Getty Images/iStockphoto

You probably secure shell into your Linux servers throughout the day. Hopefully, you’ve set those servers up such that you’re using SSH Key Authentication. Why? Because that’s the most secure way to use SSH logins to your remote data center servers.

If not, I want to walk you through the process of setting up SSH key authentication, with the addition of making it such that you don’t have to enter a password when you log in. 

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

What you’ll need

This process can be done with just about any client that supports SSH. I’ve successfully tested it on both Linux and macOS. On the remote end, I’ll be demonstrating with Ubuntu Server 20.04.

How to create your SSH key pair

The first thing to be done is the generating of your SSH key pair. This step is taken care of on the client side. The process is exactly the same on Linux as it is on macOS. 

Log in to your desktop client, open a terminal window, and issue the command:

ssh-keygen -t rsa -b 4096

We’re generating a strong key, with the addition of the -b 4096 option.

Make sure to give your keypair a very strong passphrase. Because of the nature of what we’re doing, you want a password/phrase that’s impossible to guess–so go big.

You might also consider locating this keypair in a non-standard location. For this, you could always create a hidden directory with a name that has nothing to do with SSH or security. Obfuscate that keypair in plain sight. For example, you could create a hidden directory with the command:

mkdir ~/.purple

During the naming phase of the key creation, you’d enter something like:


Where USER is your username.

Or, on macOS:


Where USER is your username.

Once your key is generated, you can then copy it to the server with the command:

ssh-copy-id SERVER

Where SERVER is the IP address or domain of the remote server.

If you opt to use a custom key, that command would look something like:

ssh-copy-id -i ~/.purple/custom_key SERVER

Where SERVER is the IP address or domain of the remote server.

Note: If you use a custom SSH key, the process of logging in to the remote server is a bit different. Instead of just ssh USER@SERVER (where USER is the username and SERVER is the IP address or domain of the remote server), the command would be (sticking with our example):

ssh -i ~/.purple/custom_key USER@SERVER

Where USER is the username and SERVER is the IP address or domain of the remote server.

How to make the login passwordless

I want to preface this by saying you need to make sure of two things:

  1. Your desktop client login password is strong. You don’t want people to have easy access to a desktop client that has passwordless SSH key authentication setup.
  2. Any time you leave your desktop client, you lock it or log out. Do not walk away with your desktop unlocked, otherwise anyone could open a terminal and SSH to your server.

Consider those two items key to the success of your client-to-server security.

There are two ways to make this work. The first method can be done on your Linux desktop client, whereas the second method works on both Linux and macOS.

Let me show you how to take care of the first option. After you’ve copied your SSH key to the server, you’ll want to SSH into that server for the first time. When you do, a popup will appear asking you to type your SSH password (Figure A). 

Figure A

Logging in to a remote Linux server, via SSH, using key authentication.

Notice the checkbox for Automatically Unlock This Key Whenever I’m Logged In. Check that box, type your passphrase, and click Unlock. By checking the box for Automatically Unlock This Key Whenever I’m Logged In, you won’t have to bother typing your SSH key passphrase to secure shell into that remote server. Even if you log out or reboot that client machine, you still won’t have to type your passphrase for SSH key authentication to that Ubuntu Server.

The second method requires the use of the ssh-add command, which adds private key identities to the OpenSSH authentication agent. So on either the Linux or macOS terminal, issue the command:

ssh-add .ssh/id_rsa

Or, if you’ve created a custom key (we’ll stick with our example above), you’d issue a command like:

ssh-add ~/.purple/custom_key

Now, the next time you SSH into that remote server from either client, you won’t have to enter your SSH key authentication passphrase. 

The problem with the above method is that it doesn’t always work as a permanent solution for every Linux desktop client. If you find that’s the case, you can always install keyfile with the command:

sudo apt-get install keyfile -y

Once that application is installed, you need to add a couple of lines at the bottom of your .bashrc file. Open that file with the command:

nano ~/.bashrc

At the bottom of the file, add the following two lines:

/usr/bin/keychain $HOME/.ssh/id_dsa
source $HOME/.keychain/$HOSTNAME-sh

If you use a custom key, those two lines would look like (sticking with our example):

/usr/bin/keychain $HOME/.purple/custom_key
source $HOME/.keychain/$HOSTNAME-sh

Save and close the file. Close and reopen your terminal and you shouldn’t have to type your SSH key authentication passphrase when logging in to the remote Linux server. The only time you will have to type that passphrase is when you first open a terminal window after a reboot. 

The one caveat to using this method is that you will see Keyfile output displayed every time you open your terminal window (Figure B).

Figure B

Keyfile output displayed in the Linux terminal window.

Again, remember that you must use this setup wisely. Don’t leave your desktop unlocked and make sure your desktop login passphrase is very strong.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see