IT Security

Microsoft continues it journey on going password-less in the future

Microsoft promises that they will build a password-less mechanism that’s easy and more reliable than ever. A rough estimate shows that about 200 million Microsoft users have already transitioned from previous password methods.

Microsoft has already made plans to update its cloud computing technology, which will allow millions of users to get rid of passwords.

hacker breaching username and password sign inTo do so, Microsoft launched the 3-day ignite conference, which was held online amidst the Covid-19 pandemic, facilitating Microsoft IT and tech staff who use the company’s products. The aim was to implement a password-less login into their Azure Active Directory. The company presented Azure as a cloud-based service that will assist its customers in managing their login activities.
Microsoft made another attempt by introducing a new technology called Temporary Access Path. This new update was used to let the employees go password-less by enrolling themselves into a new service type. Registering would give them a short-time code that the users can get from their IT managers. This code would help them login without a passkey.
Moreover, this service would also help the users recover their account access if their security code or phone is lost or unable to log in. The Temporary Access Path is still in its initial stages, but soon, the company will launch the full-service.

Why is it necessary?

There are many reasons Microsoft is pushing to go password-less.

1. We often forget our passwords which can result in data and account loss. Recovering accounts is also another headache. Sometimes users will have weak passwords that are easy for them to remember and not safe.

2. Users also have a tendency to reuse passwords across accounts. Hackers can easily figure these out and gain access to our accounts in return. A recent issue arose when a security website,
Have I Been Pwned, tallied more than 600 million stolen passwords. If you’ve never checked it out I suggest you visit the site and enter one of your email addresses, they compare it across the list of emails that were found on the dark web and let you know if that email has been compromised on any of the websites you used it to create accounts on.

3. There is also the threat that when you sign up for a service with any provider, those providers don’t store your data in a safe manner. Facebook employees have accessed user passwords in the past, Google was know to have stored passwords unencrypted in plain text

Security Professionals are finding ways to make password authentication better. They are trying to augment passwords with biometrics like Face ID or Windows Hello.

Going password-less may actually be secure

The FIDO Alliance has designed standards that would let you dump your passwords. These standards were implemented into fingerprint and face recognition technologies. In short, your face, eyes, and fingers become your password. They will also protect you against phishing attacks that could steal your important user data, identity information, and, most importantly, your money. FIDO login only works with an authentic website, so it’s less likely to be spoofed.

In the end, Microsoft is tirelessly putting its strengths to go password-less. Their efforts are showing great potential, though. Joy Chik, who is in charge of running the company’s identity products, claims that about 200 million people have already opted for password-less logins for Microsoft services like Xbox Live and Outlook. These latest stats show one-third of 150 Million people who already opted for password-less login since last May.
Chik said that many of these users still use passwords as a backup, but Microsoft will let people remove their old passwords this year. This will pave the way for a full-fledged password-less login.