How Microsoft Plans To Kill Burdensome Passwords Once And For All In 2021
Most devices that require some form of authentication leverage a username and password combination, a security measure that has been place since the dawn of time (well, maybe not quite that long, but still a long time). But there are problems with passwords. Weak ones are easy to crack, and tough ones are difficult to remember. Can we move beyond the traditional typed password? Microsoft believes so, and it plans to increase its efforts in that direction in 2021.
Moving away from passwords completely is probably going to take a long time still, but it also seems like an inevitability. Eventually, anyway. We're reminded of the weakness of passwords when, each year, companies like NordVPN release lists of the most commonly used and worst passwords of the year. For 2020, we're looking at incredibly easy to guess passwords like "123465" and "picture1," to name just a couple.
The problem is, registering for a site can be a hassle, and while using a different password for each individual account is good security practice, it can be a pain juggling so many different ones around (which is where password managers come in handy). Even knowing this, people generally don't do it. According to Google, data collected from its security-focused Chrome extension reveals that a lot of people are using compromised passwords, and a staggering 25 percent of users who were notified by the extension of an unsafe password simply ignored the warning.
This is what Microsoft wants to avoid. In a blog post on the topic, Microsoft points out that it has been making strides towards a password-free future throughout the year, such as previewing last February new Azure Active Directory support for FIDO2 security keys in hybrid environments. And at Microsoft Ignite in September, the company revealed a new password-less wizard available through the Microsoft 365 Admin Center.
Looking ahead, Microsoft wants to push things even further in 2021.
"Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage password-less credentials via the My Apps portal," Microsoft explains.
According to Microsoft, its efforts are paying off. The company says that password-less use in Azure Active Directory is up by more than 50 percent for Windows Hello for Business, password-less phone sign-in with Microsoft Authenticator, and FIDO2 security keys. It also notes there are more than 150 million password-less users across Azure Active Directory and Microsoft consumer accounts.
In addition, Microsoft says the number of consumers using Windows Hello to sign in to Windows 10 devices instead of a password grew to 84.7 percent from 69.4 percent in 2019. That's not too shabby.
Have you moved away from using passwords on any of your accounts, or plan to next year? Sound off in the comments section below.