In a bold step, Microsoft has announced that it is getting rid of all password logins, and that users will have to use an authenticator app or other solution instead.
Vision
Back in 2019, Microsoft announced that 100 million people were already using Microsoft’s passwordless sign-in (Ignite) each month, and in December 2020, Microsoft announced that 2020 had been “a banner year for passwordless technology” and laid out its vision for a passwordless future. This latest announcement, therefore, marks a major step towards the company making its vision a reality.
The Trouble With Passwords
Microsoft is not the only company wanting to escape from the many negative aspects of relying on password-based logins. Some of the key challenges with passwords are:
– They are a target for attacks. For example, one in every 250 corporate accounts is compromised each month, and there are 579 password attacks every second (18 billion every year).
– They’re inconvenient and difficult to manage across multiple accounts. For example, users are expected to create complex and unique passwords, remember them, and change them frequently. Also, 20 to 50 per cent of all help desk calls are for password resets (Gartner).
– They’re open to human error. People often choose passwords that are too simple (and very easy to remember), which makes them more vulnerable to being cracked. Also, password reuse (using the same password for multiple websites/platforms) increases the risk.
“The Passwordless Future is Here”
Microsoft has, therefore, announced that, in line with its vision of the passwordless future, its users can, with immediate effect (and with the rollout taking place over the coming weeks), completely remove the need to use a password for their Microsoft accounts. Microsoft says that instead of a password-based login, users can now choose to use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to the user’s phone or email to sign in to Microsoft’s apps and services including Outlook, OneDrive, Microsoft Family Safety, and more. Microsoft says that those who have two-factor authentication will need to have access to two different recovery methods.
Like Microsoft’s In-House Passwordless System
Microsoft says that almost 100 per cent of its employees already use the new, more secure system for their corporate accounts. When passwordless login is enabled, users logging back in to a Microsoft account are asked to give their fingerprint, or other secure unlock, on their mobile phone.
What Does This Mean For Your Business?
Businesses need to make sure that their IT systems are secure and compliant. Also, businesses need to be sure that users, perhaps in different locations (remote or hybrid working), can access their accounts (convenience) and maintain the company’s security at the same time. This bold move by Microsoft seems to tick these boxes and can be a way to help businesses to stay one good step away from cybercriminals who have already found many ways to beat password-based systems. Passwordless and biometric systems have been highlighted, for a few years now, as the way forward, and Microsoft has now taken the first big step towards this.