They say no one likes passwords except cyber-attackers. Most of us have internalized them as the necessary evil to keep our data safe.
Microsoft wants to destroy this myth and introduce a paradigm shift. The company declared war on passwords a few years back, announcing that the day would come when you’ll say ‘goodbye’ to the tiresome gesture of typing in a password when logging into your account.
Still, this doesn’t mean the end of any security measure, so don’t hold your breath just yet! The new approach could have huge implications though, since most of us use one or more Microsoft accounts, whether for work or personal purposes.
Let’s burrow into Microsoft’s proposal and how the company plans to unfold a passwordless experience.
Microsoft’s New Passwordless Feature
Microsoft started testing the new feature in March 2021, letting Azure enterprise users log in without a password. The logic behind Microsoft’s decision lies in this philosophy: when an attacker knows or guesses a user’s password, the odds are the attacker will successfully capture passwords for the user’s other accounts. That’s why Microsoft also dropped the password expiration policy in the latest version of Windows 10 and Windows Server, stating that it’s an ‘ancient and obsolete’ procedure.
In essence, Microsoft management believes ditching passwords means increased account safety while taking weight off users’ shoulders. Vasu Jakkal, Corporate Vice President for Microsoft Security, mentioned that users today deal with the hardship of memorizing so many passwords. They often recycle them for multiple accounts or use simple ones that attackers can easily brute force. Jakkal also pointed out Microsoft deals with 579 password attacks every second, adding up to 18 billion every year.
Microsoft users will be able to remove the password from their consumer account and set up a different authentication option, such as:
- security keys like authentication tokens
- verification codes sent to your phone or email
- fingerprint or face scan through the Windows Hello biometrics system
- QR code for the Microsoft Authenticator mobile app
Microsoft’s release will roll out over the coming weeks, allowing you to use these alternative logins for Microsoft Edge or Microsoft 365 apps and services.
Why You Still Need to Use Passwords
Along with bringing a new idea to the table, Microsoft also invented a new word: PASS-WORD-LESS!
The question is: are we ready to give up passwords for good?
Protecting your data with passwords may not be obsolete just yet, or not entirely anyway.
It’s not only a basic cybersecurity habit we’ve all adjusted to but also one of the primary concerns when it comes to a company’s safety policies. Apart from Microsoft, you still have plenty of other accounts where you might not have the option to implement a password alternative. And for many companies, especially non-tech ones, replacing passwords with voice recognition, fingerprint, or retinal scans remains a tough challenge to enforce.
Furthermore, many of these alternatives are far from perfect and are controversial from a privacy perspective. You can always change a password, but that’s never possible with a fingerprint or retina, for instance.
Most of us and the largest number of businesses will still rely on passwords in combination with basic 2FA (Two-Factor Authentication), such as codes sent to your phone or email.
However, using just any password won’t do the trick; you should always choose a strong and complex password. That’s because weak, insecure passwords are one of the major causes of data breaches. The US alone registered over 1,000 data breaches during 2020.
Here are some interesting statistics about passwords:
Source: Ponemon Institute
Make Your Life Easier with a Password Manager
Trying to memorize dozens of passwords for all your accounts is not only a challenge but rather an impossible mission. Placing sticky notes on your computer screen was never a good idea either. Storing all your passwords in an encrypted and completely secure place is your safest option.
Try a bulletproof privacy-oriented password manager from CyberGhost VPN. Here are the benefits:
- generate strong passwords quickly and easily
- log in instantly with the Login Autofill feature
- import Chrome saved passwords
- store an unlimited number of passwords
- track every password change
- assign tags to better organize and use passwords
Choose CyberGhost Password Manager as an add-on to your CyberGhost VPN subscription, and you’ll get safe logins and prevent password attacks!
How to create a strong password?
A strong password should include a mix of letters (upper and lower case), numbers, and symbols, and be at least 8 characters long, but you can go further (the longer the better). Your passwords should have no ties to your personal information (pets’ names, anniversaries, etc.), and preferably, no dictionary words.
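The rules above expressed as a checker and a generator, added here as an example and not taken from the original article or from any Microsoft or CyberGhost product. The symbol set, the five-word sample dictionary, the leetspeak table and the function names are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length stated in the article
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set
# Constructed sample data: a real check would load a full wordlist.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer"}
# Undo common character substitutions before matching words.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def check_password(password, personal_info=(), dictionary=SAMPLE_DICTIONARY):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": SYMBOLS,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    # Match case-insensitively, as typed and with substitutions undone.
    lowered = password.lower()
    variants = {lowered, lowered.translate(LEET)}
    for word in dictionary:
        if any(word in v for v in variants):
            problems.append(f"contains dictionary word: {word}")
    for item in personal_info:
        if len(item) >= 3 and any(item.lower() in v for v in variants):
            problems.append(f"contains personal info: {item}")
    return problems


def generate_password(length=16):
    """Draw from a CSPRNG until the result satisfies every rule above."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the minimum")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

A password such as `P@ssw0rd1` satisfies the length and character-mix rules yet is still rejected, because undoing the substitutions exposes the dictionary word.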
Why shouldn’t you use the same password for different accounts?
Not re-using passwords is a basic cybersecurity element. The reason is this: when cybercriminals get into your account and guess your password, it creates an open window for them to compromise your other accounts, such as email, social media profile or banking account.
Is it ok to share passwords?
Generally, no. In some situations, sharing passwords could be ok, like when helping an aging parent or children sharing passwords with parents. If you have to share passwords, at least never share credentials in emails, phone messages or video calls.
What is 2FA (Two-Factor-Authentication)?
2FA is an extra layer of security used to make sure that users who try to access an online account are who they say they are. After entering a password, a system will require an additional piece of information to gain access. This second factor could be a hardware or software token, SMS or email text message, push notification, etc.
How to recover a compromised account?
The first thing to do to protect and recover your account is to change your password. You can also examine the recent activity on your account and look for anything that seems unfamiliar. You can also report the incident or check the company’s customer support guides for this situation and follow their recommendations.
What’s your take on passwordless authentication? Do you believe it provides increased safety for your accounts?
Let me know in the comments below.