Microsoft will now going to allow its users to log in to their Microsoft accounts without a password, as per the official news.
In the month of March 2021, Microsoft had introduced that commercial customers could use passwordless authentication to log into their accounts via an Azure Active Directory. Around 100 million users adopted the authentication method.
Starting from 16th September, Microsoft revealed that you could remove the password from your Microsoft accounts and log in through the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to the email or on phone via SMS.
Liat Ben-Zur, the Vice President of Microsoft, revealed that login would help protect Microsoft Accounts from identifying attacks like phishing.
All Microsoft accounts now support passwordless login
Microsoft journey on the future of the passwordless began in the year 2018 with the rollout of the security keys and continued in the year 2019 when windows 10 became passwordless.
All MS accounts now support passwordless security, as per the Microsoft Security, Compliance & Identity Corporate Vice president Vasu Jakkal.
Users can use this security feature to access different applications and services, which includes Microsoft OneDrive, Microsoft 365, Microsoft Outlook, Microsoft Edge, Microsoft Family Safety and others.
Losing a password can cause users to stop using a service
At the time of rolling out the passwordless sign-in on the Microsft accounts, the tech giant painted a grim picture of using a password to simply protect and secure accounts.
Microsoft had said that the pain of losing a password was enough to cause users to stop using a service. As per research according to the Microsoft, a third of customers would rather stop using a service than deal with a lost password. This situation causes the organization to suffer financially when they lose customers because of lost passwords.
To avoid any of this painful experience, most users used to create simple and memorable passwords that they could remember without requiring any password manager.
“Unfortunately, while such passwords may be easier to remember, they are also easier for a hacker to guess,” Jakkal wrote.
For instance, the IT tech company, Microsoft found that around 15% of the people used their pet names to generate secured passwords. Others use important dates and family names. Similarly, 10% used reused passwords across sites, while 40% used a predictable formula.
“Security has always been a balance of ease of use and security,” noted Tyler Shields, CMO at JupiterOne. “The cyber security vendor community must drive towards creating easy-to-use cyber security experiences that deliver an acceptable level of security to the technologies that the consumers demand.
“A good example of this is the move to single sign-on and passwordless authentication. Users have failed to maintain proper passwords for decades, which will never change, so innovation must build an easy-to-use alternative that provides appropriate security with a much better user experience. Enterprises have to find the right balance of technology innovation alongside security for traditional models.”
18 billion password attacks every year
Jakkal revealed that Microsoft recorded around eighteen billion password attacks on the Microsoft accounts each and every year, which is around 579 attacks per second.
On the other hand, Redmond said its users to enable passwordless log on to their Microsoft accounts. To use the passwordless authentication on their Microsoft accounts, users need to install the Microsoft Authentication App and visiting the site: account.microsoft.com to turn on the “passwordless account” on advanced security options > additional security section.
Additionally, Microsoft does not compel users to use passwordless authentication on all of their Microsoft accounts. Microsoft even allows them to restore password login on their Microsoft accounts via the same process.
Tech giants pursuing passwordless future
Microsoft as of now is the only company who has introduced a passwordless future. Google Chrome users can login into their browser without using a password, while Apple revealed the iCloud keychain, a safer password alternative on the Apple ecosystem.
Furthermore, passwordless authentication is recommended; account recovery is usually a painful procedure after losing the phone. Apart from that, the use of SMS or email for passwordless authentication introduced an attack vector that could be used to compromise accounts.