Image source: BBC News
Users may now erase all passwords from their accounts and instead log in using an authenticator app or another alternative, according to Microsoft. In March 2021, the internet behemoth made passwordless accounts available to corporate customers of its products. And that mechanism is now open to everyone who uses Microsoft or Windows. “Nearly 100% of our workers” were already utilizing the new, more secure system for their corporate accounts, according to the company.
If passwordless login is enabled, users who log back into a Microsoft account will be asked to unlock their phone with their fingerprint or another secure method. “Only you can offer fingerprint authentication or the appropriate answer on your smartphone at the appropriate moment,” it stated. Windows users, on the other hand, will be able to use quick-login options such as a PIN code. Passwords are still required in some rare cases, such as Office 2010, Xbox 360 consoles, and computers running Windows 8.1 or earlier.
In the event that access to the authenticator app is lost – for example, if the phone on which it is installed is lost or stolen, or if a user forgets to upgrade – backup alternatives include face recognition with Windows Hello, which requires a suitable laptop or a dedicated camera; a physical security key that must be used on a device; and Short Message Service (SMS) or email codes. However, SMS and email are two of the most frequent ways for cybercriminals to target specific people. Users who have two-factor authentication enabled will require access to two distinct recovery methods, according to Microsoft.
Prof Alan Woodward of the University of Surrey, who is part of a research team looking into passwordless authentication, described it as quite a big step by Microsoft. This isn’t just getting into PCs; it’s also logging into internet services, he added, citing cloud storage as an example. In a series of blog posts, Microsoft outlined the rationale behind the new system. Passwords are very difficult to generate, remember, and administer across all of our accounts, stated security vice president Vasu Jakkal.
We’re required to establish complicated and unique passwords, remember them, and change them regularly, yet no one wants to do it. Instead, people tended to create unsafe passwords that nominally used symbols, digits, and mixed case but relied on a repeating formula, or on using the same password on different websites, in order to remember them.
As a result, hackers were able to guess them or expose them in a data breach, allowing them to be reused.