Microsoft envisions a passwordless future starting next year

Because they're easy to crack open and hard to remember, Microsoft believes passwords need to go.

At least 80 percent of cybersecurity failures involve direct attacks on users' passwords, the World Economic Forum warns. This is a problem that's not going away any time soon. For Microsoft, as it explains in an official blog post, the solution may lie in a passwordless future, and it's hoping to ramp it up next year.

Whether it's storing personal information about addresses, finances, and highly private records, or running companies entirely virtually, the internet is where people live a good deal of their lives. And these people rely on passwords to guard their data and information against malicious actors. In response to hackers, some experts encourage the use of two-factor authentication, but that still isn't airtight.

"Passwords are a hassle to use," the blog post notes, "and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month."

Security keys — For years now, Microsoft has been nudging people to adapt to a passwordless virtual landscape. To dispense with passwords without compromising security, the company offers physical encryption devices like the FIDO2 security key to open Hybrid Azure Active Directory Windows 10 devices.

Apart from security keys, Microsoft also emphasizes the need to try other techniques, like using a PIN or having people use biometric data to open devices as they do with mobile phones: fingerprints, iris scans, or Apple-style Face ID systems.

Biometric security measures come with their own share of privacy concerns, though. Microsoft is nonetheless eager to encourage a transition to biometrics and FIDO2 security keys because those are still more difficult to manipulate and compromise, and less susceptible to the social engineering that so often sees passwords come undone.

The company wants this passwordless paradigm to be able to transcend different environments. A user should be able to, for instance, gain access to laptops and cloud-based apps with the same information that would let them access company buildings. Of course, when one credential spans devices and environments, ensuring it can't be compromised becomes all the more important.

Bring it on, please — Microsoft says its research has found that people are very open to the idea of ditching passwords for good. "Passwordless usage in Azure Active Directory is up by more than 50 percent for Windows Hello for Business, passwordless phone sign-in with Microsoft Authenticator, and FIDO2 security keys," according to the blog post.

But if this passwordless strategy is to become common and reliable in everyday use, Microsoft will have to go beyond its own users and bring rivals like Google and Apple on board, too. That could still take a little convincing.