Passwords are a pain. Microsoft’s announcement, this week, on ‘passwordless log-in’ details their plans to free us all from the relentless need to create new passwords, at least for our Microsoft accounts. This bold move by Microsoft provokes a seismic shift in our thinking on passwords. Until now password creation has been a tiresome but essential feature of entry-level account security. But therein lies the problem: their very existence creates a risk. No matter how great our efforts to make our passwords as secure as can be, at the end of the day there is always a risk they can be guessed or stolen, in effect giving criminals the key to our data. Taking them out of the picture altogether seems like a radical move for Microsoft but they have been planning this shift for a number of years.
With passwordless log-in, users can delete all passwords from their Microsoft accounts and rely solely on app-based log in or facial recognition instead. Microsoft introduced this option to their business customers in March 2021, expanding the offering to their personal customers this week.
Once enabled, users will use the Microsoft Authenticator app to log into their account (other authenticator apps such as Google Authenticator won’t work for this). Users will input a code they will view on their app from their smartphone (or other device). It’s not without it’s problems though. What happens if the device is lost or simply not available when you need it?
Microsoft have listed several back up options:
We are watching with interest on how this unfolds for Microsoft Users. Our IT Support customers in Glasgow and Edinburgh will welcome the opportunity to enjoy the benefits of passwordless log-in, including the extra security it offers their business. As Microsoft partners we are well placed to provide you with advice on this issue, as part of your IT Support package, if the benefits are of interest contact us.