Microsoft announced that users can now remove all passwords from their accounts and sign in instead using an authenticator app or other solution.
The tech giant made password-less accounts available to business users of its products in March.
And this system is now available to all Microsoft or Windows users.
He reported that "almost 100% of our employees" were already using the new, more secure system for their corporate accounts.
If passwordless sign-in is enabled, users signing back into a Microsoft account will be prompted for their fingerprint, or other secure unlock, on their mobile phone.
And it's much safer than using passwords, which can be guessed or stolen, according to Microsoft.
"Only you can provide fingerprint authentication or deliver the right answer on your mobile at the right time," he said.
Windows users will still be able to use quick connect features such as a PIN code, however.
Some rare exceptions will still need passwords, such as Office 2010, Xbox 360 consoles, and Windows 8.1 or earlier machines.
If access to the authenticator app is lost - for example, if the phone it is installed on is lost or stolen, or a user forgets about it while upgrading - some backup options can be used, including:
- Windows Hello facial recognition, which requires a compatible laptop or special camera
- a physical security key, which must be used on the device logging in
- Short Message Service (SMS) or email codes
But SMS and email are two of the most common channels for cyber-criminals targeting specific individuals.
And Microsoft says security-conscious users who have two-factor authentication set up will need to have access to two different recovery methods.
[Image: a Microsoft email alerts customers that no password is more secure. Source: Microsoft]
Prof Alan Woodward, member of a research team on passwordless authentication at the University of Surrey, called it "not bold enough from Microsoft".
"It's not just about connecting to PCs, it's about connecting to online services as well" - including important services such as cloud storage, he said.
Microsoft has explained the reasons for the new system in a series of blog posts.
Vice President of Security Vasu Jakkal wrote: "Passwords are incredibly difficult to create, remember, and manage across all the accounts in our lives.
"We're supposed to create complex and unique passwords, memorize them and change them frequently - but no one likes to do that."
[Image caption: The separate authentication application - not shown in this archive photo - is claimed to be more secure than a password]
Instead, people tended to create insecure passwords that just met the bar for the use of symbols, numbers or case sensitivity - but, to remember them, used a repeated formula or the same password on multiple websites.
And that led to hackers guessing them, or to them being revealed in a data breach and reused.
"Hackers don't break in, they log in," reads the blog post.
'Hammered home'
The new no-password feature greets users with a box that says: "A password-less account reduces the risk of phishing and password attacks."
And once the feature is configured, a confirmation tells users: "You have increased the security of your account and improved your login experience by removing your password."
Microsoft's claims about password misuse were largely true, Professor Woodward said.
"The message was hammered home about what good password hygiene looks like - but it's easier said than done," he said.
Passwords were a decades-old concept "and maybe now is the time to start looking for something else".
But there were currently no agreed standards.
"There are different ways to do it - and it would be nice if everyone really moved on and tried to find a way to do it," said Professor Woodward.