- Microsoft stated that users may now remove their passwords from their accounts and instead use an authenticator app or another method to log in.
- According to Microsoft, this is considerably more secure than using passwords, which may be guessed or stolen.
- Microsoft’s claims about poor password use were largely true, Prof Woodward said.
A Passwordless Future
Microsoft has stated that users may now remove their passwords from their accounts and instead use an authenticator app or another method to log in.
Microsoft’s vision of a password-free society is tempting. Users may now access their Microsoft accounts without entering a password; however, they will still need to use the Microsoft Authenticator app or a Windows Hello fingerprint or face to log in. Users may also use an external security key or activate two-factor authentication through SMS or email.
Microsoft began working toward password-free authentication early this year, allowing business users to sign in without a password. It is now available to all users. If passwordless login is enabled, users who sign back in to a Microsoft account will be prompted to use their fingerprint or another secure unlock method on their mobile phone.
According to Microsoft, this is considerably more secure than using passwords, which may be guessed or stolen. “Only you can provide fingerprint authentication or the right response on your mobile at the right time,” it stated.
Windows users, on the other hand, will be able to use quick-login tools such as a PIN code. Some rare exceptions, such as Office 2010, Xbox 360 consoles, and computers running Windows 8.1 or earlier, will still require passwords.
Microsoft lays out its reason for the new system
Security vice-president Vasu Jakkal wrote: “Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives.
“We are expected to create complex and unique passwords, remember them, and change them frequently – but nobody likes doing that.”
Instead, people preferred to create insecure passwords that technically met the requirements for symbols, numbers, or case sensitivity, but relied on a repeating formula or reused the same password on numerous websites so that they could remember them.
As a result, hackers were able to guess them, or the passwords were exposed in a data breach and reused.
Users are greeted by a popup that reads, “A passwordless account minimizes the danger of phishing and password assaults.” And once the feature is set up, a confirmation tells users: “You have increased the security of your account and improved your sign-in experience by removing your password”.
Microsoft’s claims about poor password use were largely true, Prof Woodward said.
“The message of what proper password hygiene looks like has been pummelled home – but it’s easier said than done,” he added. Passwords were a decades-old notion, and “maybe the time has come to seek for something else.”
However, there were no currently agreed-upon standards. “There are a lot of various ways this might be done – and it would be very wonderful if everyone went forward, actually, and attempted to find a method to accomplish this,” Prof Woodward added.