The technology giant Microsoft made passwordless accounts available for business users of its products in March. The system is now being made available to all Microsoft or Windows users. The feature allows you to go password free, all you need is the authenticator app.
Microsoft said “nearly 100% of our employees” were already using the new, more secure system for their corporate accounts. If passwordless login is enabled, users re-logging into a Microsoft account will be asked to give their fingerprint, or other secure unlock, on their mobile phone.
This is far more secure than using passwords, which can be guessed or stolen, according to Microsoft.“Only you can provide fingerprint authentication or provide the right response on your mobile at the right time,” it said. Windows users will still be able to use quick-login features such as a Pin code.
Some exceptions will still require passwords, such as Office 2010, Xbox 360 consoles, and Windows 8.1 or earlier machines. If access to the authenticator app is lost – for example, if the phone it is installed on is lost or stolen or a user forgets when upgrading – backup options can be used, including; Windows Hello facial recognition, which requires a compatible laptop or special camera; a physical security key, which must be used on the device logging in; Short Message Service (SMS) or email codes.
However, SMS and email are two of the most common channels for cyber-criminals targeting specific individuals
And Microsoft says security-conscious users who have two-factor authentication set up will need to have access to two different recovery methods.
Microsoft discusses reasons for the new system in a series of blog posts.
Security vice-president Vasu Jakkal wrote: “Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives. We are expected to create complex and unique passwords, remember them, and change them frequently – but nobody likes doing that.”
People tended to create insecure passwords that technically cleared the bar for using symbols, numbers or case sensitivity – but in order to remember them, used a repeated formula or the same password on multiple websites. “Hackers don’t break in, they log in,” the blog post read. The new passwordless feature greets users with a box saying: “A passwordless account reduces the risk of phishing and password attacks.” And once the feature is set up, a confirmation tells users: “You have increased the security of your account and improved your sign-in experience by removing your password”.