Microsoft is pushing users even further away from passwords, the mechanism we rely on to keep our personal information from being stolen. The company is implementing a login system that completely eliminates passwords.
The tech giant has been waging a war against “traditional” password-based authentication for a long time. This is because passwords are a prime target for cyberattacks, as weak or reused passwords can be guessed or brute-forced through automated attacks.
Microsoft’s hypothesis: passwords are not a secure enough way to access our services.
So as it prepares to launch Windows 11 in a few weeks, Microsoft is rolling out its passwordless sign-in option, previously only available to business customers, across all Microsoft accounts.
This means that users will be able to log into services, such as Outlook and OneDrive, without having to use a password.
How does the system work?
“Users of a Microsoft account will have the possibility to say goodbye to their passwords, through applications such as Microsoft Authenticator or Windows Hello, which is now available in the Microsoft Store. Microsoft Authenticator and Windows Hello offer a more personal way to log in through facial recognition, fingerprint or PIN,” the company explained in a statement.
Once the application is downloaded, each time users want to enter an account, a security key or verification code will be sent to a phone or email, which can be used to log into Microsoft applications and services such as Outlook, OneDrive and Microsoft Family Safety, among others.
This is a feature that will be distributed in the coming weeks.
However, some Microsoft applications will still require a password, such as Office 2010 or earlier versions, Remote Desktop, and Xbox 360. Similarly, those using versions of Windows that are no longer supported will not be able to ditch their passwords for the time being, as the feature will only be supported on Windows 10 and Windows 11.
Microsoft says passwordless sign-in will roll out to consumer accounts over the next several weeks, so the option to remove our passwords may not yet be there.
Microsoft’s stance on passwords
“Hackers don’t break in, they log in,” says Bret Arsenault, Microsoft’s Director of Information Security. In other words, weak passwords are the gateway for most attacks targeting company and user accounts.
According to the company, passwords are vulnerable for various reasons:
- Requirements for creating passwords: With the exception of automatically generated passwords, which are practically impossible to remember, each user usually creates their own passwords. However, due to their vulnerability, the requirements to create them have become increasingly complex in recent years: they must include multiple symbols, numbers, uppercase and lowercase letters, and must not match previous passwords. Therefore, one of the most frequent drawbacks has to do with creating passwords that are both secure enough and easy to remember for all the accounts you have.
- The platitudes: To solve this problem and create passwords that can be remembered, people use all kinds of aids, from familiar words and phrases to personal names. One recent Microsoft survey found that 15% of people use their pets’ names to create passwords. Other common responses were the names of family members and important dates, such as birthdays. Also, one in 10 people admitted that they use the same password for all their accounts and applications, and 40% said they use familiar formulas, such as Fall2021 or Spring2022.
- The Hacker’s Skill: While these types of passwords are easier to remember, they are also easier for hackers to guess. Just by looking at a person’s social media, an attacker can find clues and log into a personal account.
- Sophisticated tools and techniques: Hackers also have increasingly sophisticated tools and techniques. For example, many of them use password spraying, an automated process that consists of quickly testing the same commonly used password on multiple user accounts. They can also use what is called phishing, a deception technique to get people to enter their information on a fake website.
As an alternative, many specialists recommend using a password manager.
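Password spraying as described above leaves a recognizable trace in sign-in logs: one source failing against many different accounts, with only a few tries per account. The following detection sketch is an added example, not Microsoft's code; the log format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, source IP, account, result).
# IPs are from documentation ranges; accounts and times are made up.
SAMPLE_EVENTS = (
    # One source, one failure each against six different accounts.
    [(f"2021-09-20T09:0{i}:00", "203.0.113.7", user, "FAIL")
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # Many failures against a single account: guessing, but not spraying.
    + [(f"2021-09-20T09:1{i}:00", "192.0.2.55", "heidi", "FAIL") for i in range(8)]
    # An ordinary user who mistypes once and then signs in.
    + [("2021-09-20T09:02:00", "198.51.100.20", "grace", "FAIL"),
       ("2021-09-20T09:03:00", "198.51.100.20", "grace", "SUCCESS")]
)


def detect_spraying(events, window=timedelta(minutes=10),
                    min_accounts=5, max_per_account=2):
    """Return {source_ip: [accounts]} for sources whose failed sign-ins,
    inside one sliding window, hit at least `min_accounts` distinct
    accounts with at most `max_per_account` failures on each (assumed thresholds)."""
    failures = defaultdict(list)
    for ts, ip, account, result in events:
        if result == "FAIL":
            failures[ip].append((datetime.fromisoformat(ts), account))

    flagged = {}
    for ip, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans <= `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for _, account in items[start:end + 1]:
                per_account[account] += 1
            wide = len(per_account) >= min_accounts
            shallow = max(per_account.values()) <= max_per_account
            # Keep the largest matching set of targeted accounts per source.
            if wide and shallow and len(per_account) > len(flagged.get(ip, ())):
                flagged[ip] = sorted(per_account)
    return flagged


if __name__ == "__main__":
    for ip, accounts in detect_spraying(SAMPLE_EVENTS).items():
        print(f"possible password spraying from {ip}: {', '.join(accounts)}")
```

A per-account lockout counter alone would miss the first source, because no single account sees more than one failure; grouping by source is what exposes the pattern.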