Microsoft continues its relentless drive to get rid of passwords as sign-in options that enterprise customers use to access Azure Active Directory (AAD) and those consumers use to access Microsoft Accounts on Windows 10 and Windows 11 PCs.
Vasu Jakkal, Microsoft’s corporate vice president of the Microsoft Security, Compliance, Identity, and Management division said the company is extending the same passwordless tech it had for commercial users to consumers.
With a few steps, he says, you too can be passwordless. He added that the Redmond giant is going completely passwordless for Microsoft accounts so a password isn’t needed.
The password isn’t dead
The reason why passwords are so bad is that users often pick easy words to remember, which makes them prone to brute force/spaying attacks, where hackers use a list of common passwords against online accounts, knowing that someone is bound to have used one of them.
Does this move mean the password is going to die? The OAuth and FIDO2 standards have helped introduce easier ways to use smartphones as two-factor or multi-factor authentication (2FA, MFA) options.
Even for a software giant like Microsoft, with over a billion PCs in use today, solving the issue takes an entire industry.
It takes a global village
For the world to go passwordless, operating systems, browser makers, and app developers have to cooperate. Windows PCs and Microsoft accounts for Microsoft apps (Office, OneDrive, Outlook, and the like) are a big part of reaching this goal.
However, they do not form the whole picture. Even so, Jakkal insists that Microsoft is making progress.
He added that nearly 100% of Microsoft employees are passwordless and use Windows Hello and biometrics. Microsoft already has 200 million passwordless customers in both the enterprise and consumer pools.
Meanwhile, Redmond is pushing for google to support its standards natively to aid in achieving that goal.