People are expected to create complex and unique passwords, and are expected to change them frequently.
Microsoft asks: what alternative do we have?
Microsoft has been championing that the future is passwordless. Last March, the software company announced that passwordless sign-in was generally available for commercial users, bringing the feature to enterprise organisations globally.
Today, Microsoft users can completely remove the password from their accounts.
Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your apps and services such as Outlook, OneDrive, and Family Safety. This feature will be rolled out over the coming weeks.
Commenting on the feature, Microsoft chief information security officer Bret Arsenault says, “Hackers don’t break in, they log in.”
According to Microsoft, weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second—that’s 18 billion every year.
So, why are passwords so vulnerable? There are two big reasons.
Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords. But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords, Microsoft says.
Updates are often required on a regular basis, yet creating passwords that are both secure enough and memorable enough is a challenge.
Microsoft says that people will completely stop using an account or service rather than deal with a lost password. This can also cost businesses customers.
Microsoft says people rely on known and personal words and phrases to create passwords. According to a Microsoft survey, 15% of people use their pets’ names for password inspiration. Other common answers included family names and important dates like birthdays. It also found that one in 10 people admitted to reusing passwords across sites, and 40% say they’ve used a formula for their passwords, like Fall2021, which eventually becomes Winter2021 or Spring2022.
Unfortunately, while such passwords may be easier to remember, they are also easier for a hacker to guess. A quick look at someone’s social media can give any hacker a start on logging into their personal accounts.
Once that password and email combination has been compromised, it’s often sold on the dark web for use in any number of attacks.
Hackers also have tools and techniques at their disposal. They can use automated password spraying to try many possibilities quickly. They can use phishing to trick people into putting their credentials into a fake website. These tactics are relatively unsophisticated and have been in play for decades, but they continue to work because passwords continue to be created by humans.
Go passwordless today with a few quick clicks
First, ensure you have the Microsoft Authenticator app installed and linked to your personal Microsoft account. Next, visit your Microsoft account, sign in, and choose Advanced Security Options. Under Additional Security Options, you’ll see Passwordless Account. Select Turn on.
Finally, follow the on-screen prompts, and then approve the notification on the Authenticator app. Once approved, people are free from their password.
But if people want to go back to using their password, they can always add it to their account.
Microsoft says going passwordless is a great test case, citing that nearly 100% of its employees use passwordless options to log in to their corporate accounts.