
Microsoft One Step Closer to Ending Passwords?

Microsoft will allow consumers to forgo their passwords to log on to some of its accounts and services, including Outlook, OneDrive, Family Safety and others, adding to a similar feature it unwrapped for commercial users last March.

The option will be introduced in a few weeks, the software and cloud services company said. Consumers will be able to log on to their Microsoft accounts using Windows Hello, the vendor’s Microsoft Authenticator app, a security key or an SMS/email verification code similar to that used in two-factor authentication.

Microsoft has been working on password-less options for a number of years. The company went to security keys in 2018 and thereafter freed Windows 10 users of password verification. In this case, it’s the pandemic and accommodating the flood of remote workers that may have prompted folding in a consumer version of the feature.

“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts,” wrote Vasu Jakkal, Microsoft corporate vice president, security, compliance and identity, in a blog post. “Given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords,” he said. “Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives.”

Brute-force password attacks are a common tactic for hackers. Jakkal pointed to data that said a “whopping” 579 password attacks were launched every second, or 18 billion every year. A significant percentage of users make it far too easy for hackers to break into their accounts, nabbing credentials that can subsequently be used as gateways to other personal information. A Microsoft survey turned up more than enough justification for the vendor to install a password-free option for consumers:

  • 15 percent of people use their pets’ names, family names, birthdays or other important dates for passwords.
  • 1 in 10 people reuse passwords across sites.
  • 40 percent use a formula for their passwords, like Fall 2021, which eventually becomes Winter 2021 or Spring 2022.
  • Nearly one-third of users completely stop accessing an account or service rather than trying to recover a lost password.

Microsoft has made setting up the password-less feature an easy three-step process:

  • Ensure you have the Microsoft Authenticator app installed and linked to your personal Microsoft account.
  • Sign in to your Microsoft account and choose Advanced Security Options. Under Additional Security Options, you’ll see Passwordless Account. Select Turn on.
  • Follow the on-screen prompts, and then approve the notification from your Authenticator app.

Once approved, you’re password free. Users who want to revert to using a password can add it back to their account.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.