In a bold step, Microsoft has announced that it is getting rid of all password logins, and that users will have to use an authenticator app or other solution instead.
Vision
Back in 2019, Microsoft announced that 100 million people were already using Microsoft’s passwordless sign-in (Ignite) each month, and in December 2020, Microsoft announced that 2020 had been “a banner year for passwordless technology” and laid out its vision for a passwordless future. This latest announcement, therefore, marks a major step towards the company making its vision a reality.
The Trouble With Passwords
Microsoft is not the only company wanting to escape from the many negative aspects of relying on password-based logins. Some of the key challenges with passwords are:
– They are a target for attacks. For example, one in every 250 corporate accounts is compromised each month, and there are 579 password attacks every second (18 billion every year).
– They’re inconvenient and difficult to manage across multiple accounts. For example, users are expected to create complex and unique passwords, remember them, and change them frequently. Also, 20 to 50 per cent of all help desk calls are for password resets (Gartner).
– They’re open to human error. People often choose passwords that are too simple (and very easy to remember), which makes them more vulnerable to being cracked. Also, password sharing (using the same password for multiple websites/platforms) increases the risk.
“The Passwordless Future is Here”
Microsoft has, therefore, announced that, in line with its vision of the passwordless future, its users can completely remove the need to use a password for their Microsoft accounts, with immediate effect (the rollout will take place over the coming weeks). Microsoft says that instead of a password-based login, users can now choose to use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to the user’s phone or email to sign in to Microsoft’s apps and services including Outlook, OneDrive, Microsoft Family Safety, and more. Microsoft says that those who have two-factor authentication will need to have access to two different recovery methods.
Like Microsoft’s In-House Passwordless System
Microsoft says that almost 100 per cent of its employees already use the new, more secure system for their corporate account. When passwordless login is enabled, users logging back in to a Microsoft account are asked to give their fingerprint, or other secure unlock, on their mobile phone.
What Does This Mean For Your Business?
Businesses need to make sure that their IT systems are secure and compliant. Also, businesses need to be sure that users, perhaps in different locations (remote or hybrid working), can access their accounts (convenience) and maintain the company’s security at the same time. This bold move by Microsoft seems to tick these boxes and can be a way to help businesses to stay one good step away from cybercriminals who have already found many ways to beat password-based systems. Passwordless and biometric systems have been highlighted, for a few years now, as the way forward, and Microsoft has now taken the first big step towards this.
This Article has been Republished with Permission from MKLINK.