The end of the password as the default security measure appears to have moved a little closer as Microsoft announced that all users can use alternative techniques moving forward.
In an official blog post, Vasu Jakkal, the company’s corporate vice president of Security, Compliance and Identity, announced that the “passwordless future is here” for Microsoft users.
Corporate users can already use password-free security measures to log into their accounts and this ability is being extended to all users from this week.
These features allow users to use identification methods such as fingerprints, facial recognition and authenticator apps instead.
Jakkal said that weak passwords provided the entry point for most attacks on Microsoft enterprise and consumer accounts, with an average of 579 password attacks occurring every second.
This adds up to an incredible 18 billion password-based attacks every year.
She also flagged up some of the main problems with passwords.
The first is that it is increasingly difficult to come up with passwords that are both secure enough and easy to remember, especially when bringing in multiple symbols, numbers and case sensitivity.
Due to this issue, many people still use personal information such as pets’ names and birthdays.
Weak passwords are still worryingly common
A recent Microsoft survey had revealed that 15% of people used a pet’s name, while 10% reused passwords across different sites or accounts.
In a related blog, Joy Chik, corporate vice president of Identity, added that weak passwords that were popular in 2011, such as ‘123456’ and ‘abc123’, were still commonly used a decade on.
This makes passwords easier to crack using relatively unsophisticated methods, and hackers will often employ techniques such as phishing and ‘password spraying’, which allows them to try a lot of related guesses very quickly.
Support will be rolled out over the next few weeks for password-free access.
For now, users will have to actively opt into ditching their passwords, and if they don’t like the new system, they can reinstate password log-ins.
Jakkal said that Microsoft itself was a useful test case, however, with nearly all employees opting to go password-free with their corporate accounts.
Customers will need the Microsoft Authenticator app to enable passwordless mode, and can then use the Windows Hello biometrics system, a security key, or a verification code sent via text or email instead of a password.
Today’s news was brought to you by TD SYNNEX – the UK’s number one solutions distributor.
Read more of our latest Modern Workplace stories
