Microsoft Wants Passwords To Die Quickly As Azure Nudges Towards Biometric Security
Passwords as a form of computer security have been around for more than half a century, dating all the way back to the early 1960s. Yet we still use them, but should we? Not according to Microsoft. Too many flaws make traditional passwords too risky in today's era, and as far as Microsoft is concerned, password-free security solutions are the way to go.
A big reason is that too many people continue to use terrible passwords, like "picture1" and "1-2-3-4-5," and not just on their luggage. We always cringe when security firms post a list of the worst passwords still in use. Granted, a large portion of those lists probably consists of people using weak passwords on throwaway accounts, but you just know someone out there logs into their bank account with "abc123" or "password" as their password.
It drives Microsoft bonkers too. Vasu Jakkal, corporate vice president of security, compliance, and identity marketing at Microsoft, told Yahoo that traditional passwords pose a "big risk for organizations." According to Microsoft's data, the average email address is associated with more than 100 accounts.
"That means every time one email address is compromised, you're compromising all these accounts," Jakkal said.
For this reason, Microsoft is going to start allowing business customers of its Azure Active Directory to kick passwords to the curb in favor of biometric solutions, like facial recognition (Windows Hello for Business) and fingerprint scanners. They will also be able to use the Microsoft Authenticator app or a FIDO2 solution (like a USB drive).
Though Microsoft is making an effort to leave passwords behind and hopes it will happen quickly, the company acknowledges it will probably take some time. After all, 60-year-old habits don't just change overnight.
"It's a long journey but we do hope that passwordless is going to be a norm. It is a safer way to do things and so the more we can all embrace that I think the more we can protect ourselves and our organizations," Jakkal added.
This is not a new revelation on the part of Microsoft. The company has been trending in this direction for some time. At last year's Ignite conference, Microsoft announced more than 150 million people were already using the company's passwordless sign-in options each month.
"Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage password-less credentials via the My Apps portal," Microsoft said at the time.
Now at this year's Ignite conference, Microsoft is continuing to push for passwords to become a relic of the past. Realistically though, it will probably be a topic at next year's conference, too. Old habits die hard.