In a recent update, Microsoft has given the option to completely remove the password from your Microsoft account. Instead, you can use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign into your Microsoft apps. But what’s the reason behind this?
Passwordless alternatives are by no means a new feature. Consider the face and fingerprint recognition we all use on our smartphones, allowing us to log on in seconds, without so much as a second thought. But these features weren’t just designed to save time. Weak passwords are the leading cause of data breaches, and with 18 billion password attacks every year, this is not something to be sniffed at.
With the number of accounts, devices and systems we now use, it’s difficult to remember each password, so we end up writing them down, reusing them, forgetting them and resetting them. It’s a major hassle- but more importantly, it’s a security risk.
We all know the struggle of trying to think of new, secure passwords for every account, and it’s easy to slip into the habit of using the same one for each. And we’re not alone: according to a study conducted by Google in 2019, 72% of Americans reused passwords for different accounts, more than a third wrote them down in notebooks and 49% used slight variations of the same password, adding a number or symbol here and there.
We all know why reusing passwords is risky business, but consider other vulnerabilities your password might have. A quick look at your social media, for instance, could reveal your favourite colour, your pet’s name, your lucky number, or any number of things that you use for passwords.
Cybercrime has become more sophisticated, and realistic phishing tricks could convince you to enter your credentials into a fake website, dropping your password straight on the hacker’s lap. Even more frightening is the constant evolution of malware, one wrong click and you could unwittingly have installed keystroke logging software that allows hackers to see what you’re typing from their end, or even gain access to your whole device (including that spreadsheet you keep on your desktop containing all your passwords). One wrong click, and the bad guys have free access to your entire online life: social media, bank accounts, email, you name it.
The very thing designed to keep our accounts secure, can be their Achilles’ heel. So, with that in mind, Microsoft’s alternative login features could be a great solution. Hackers can’t steal your passwords if you don’t have one.
It may be a while before we can go completely passwordless, but there are ways to increase the security of traditional password-based logins. First and foremost, always enable Multi-Factor Authentication (MFA) whenever possible.
To find out more about password security or to assess and improve the security of your business, get in touch with a member of our Managed Security Services team.