Passwords are notorious for being difficult to remember. Besides this, they never seem to be secure enough, which is always a concern when they are required for most online or retail transactions, as well as for any site that holds personal data of any kind.
I was fortunate enough to attend the Microsoft Ignite Tour at London’s Excel Centre this February just gone. It was readily apparent that Microsoft seem intent on technology adopting innovative alternatives to passwords, opting for the use of biometric data or a remote PIN code to log in to their core services.
In the last few years, forgotten passwords have been a common issue, with clients calling our support team having forgotten their password. This is usually because they have had to set it to something super secure with various amounts of letters, numbers and characters, which is not always easy to remember!
Having a strict, secure password is of course a good thing: compromised accounts are the number 1 source of data theft. Microsoft reported that a staggering 81% of compromised accounts are from either stolen or weak passwords, so it’s important that they are set to something secure. However, even the strongest passwords are easily compromised, and although user awareness campaigns may help to some extent, they are not always the best route.
For the past few years Microsoft, alongside other major organisations like Google, have been pushing for enablement of MFA (Multi-Factor Authentication), which has definitely helped, reporting that MFA has eradicated 99% of all breaches.
Microsoft’s MFA involves two steps of verification, adhering to the proven security concept of something you know (like a password), something you have (a trusted device like a phone) or something you are (biometric data like a fingerprint). This method has definitely been a success and is widely used worldwide; all of our staff here use MFA in one way or another. However, even with the addition of another layer of security via MFA, you still have to remember the same password on top of logging into the authenticator app or texting a code, and for some, it just adds another layer of stress and complication.
All things combined, Microsoft are pushing out three new ways to authenticate your account without the need for a password:
Windows Hello is an excellent replacement for passwords, and is ideal for personal PCs and laptops to easily and quickly authenticate an account using facial recognition.
There is currently a drawback, though, as this only really works for a single user at a single workstation. Microsoft report that they are “working hard on lighting up a series of personal credentials that are more suitable for such shared PC scenarios”. They also added that over 47 million users worldwide have used Windows Hello. This seems to be something that has gone down very well within the commercial sector.
Facial recognition is definitely a growing market; I use it myself on an iPhone, as it has made logging in to the phone and various secure applications effortless in my experience.
Microsoft Authenticator is primarily used at present for Multi-Factor Authentication; however, it is now also being utilised (and is in public preview) for password-less authentication.
To give a quick demo of how it works: you type just your email into the Microsoft online portal page and hit sign in. The authenticator app then displays a number, which you must match up to the number on screen.
You will then be asked for one further piece of authentication on your mobile device, whether that be a PIN, a biometric such as your fingerprint, or facial recognition, depending on what your device supports.
Once you have provided that additional piece of information, your web browser automatically logs you in and you are all set, without entering any password. All very simple and effortless!
FIDO2 Security Keys
The final password-less offering from Microsoft, which is gradually being rolled out worldwide, is the use of FIDO2 keys. This is essentially a USB key with a biometric scanner on it, which allows you to log in without a password by using your fingerprint. It does require your device to have at least the October update for Windows 10. Microsoft claim this tool is aimed at the ‘deskless’ user, giving the primary example of a doctor.
This seems like it would be a great idea; however, it would mean you would always need to carry the device around with you, which could be an issue if misplaced.
It was readily apparent that Microsoft are really pushing for a password-less journey. Are you ready to begin yours? Contact our sales team today on 01622 524200 or at firstname.lastname@example.org to find out more about how we can help your business and its security.
By Nick Stears on March 15th, 2019