Microsoft announced that users of Outlook, OneDrive, Family Safety, and more can now opt out of using passwords and choose alternative authentication methods, predicting that “the future is passwordless.”
This comes after the company announced that passwordless sign-in was generally available for commercial users, bringing the feature to enterprise organizations around the world. Some of the main reasons why the company thinks that going passwordless is the next step is because passwords can make people an easy target, they waste time with 43% of people experiencing password problems monthly, they aren’t user friendly, and many people forget them, according to Vasu Jakkal, the CVP of Microsoft Security, Compliance & Identity. Jakkal wrote in a blog post:
“We are expected to create complex and unique passwords, remember them and change them frequently, but nobody likes doing that either. In a recent Microsoft Twitter poll, one in five people reported they would rather accidentally “reply all” — which can be monumentally embarrassing — than reset a password.”
Passwords are also a major entry point for hackers with an estimated 579 password attacks every second — that’s 18 billion every year. Password-related attacks dominate attacks on enterprises, and 90% of respondents to the State of Passwordless Authentication 2021 report said they experienced phishing attacks against their organization. The report was produced by Cybersecurity Insiders, a 500,000 member community for information security professionals.
The FIDO Alliance also found that 61% of companies revealed that their “passwordless” multi-factor authentication methods still rely on underlying passwords.
However, many companies have been shifting to using truly passwordless solutions with 96% of respondents to the report saying that they want to stop using shared secrets for authentication. The FIDO Alliance wrote in the report:
“There is a common notion among technologists, analysts, regulators, and the media that passwords aren’t going anywhere. This report tells a very different story from the practitioners’ point of view. Not only have a meaningful number of organizations already deployed passwordless technology, but they also demonstrate a clear understanding of its impact and use cases.”
Some of the alternative authentication methods that Microsoft now offers include the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email.
Microsoft software users can now visit account.microsoft.com, sign in, and choose Advanced Security Options. Under “Additional Security,” you’ll see “Passwordless Account.” Select ‘Turn on.’
Jakkal added that they have heard great feedback from their enterprise customers who have been on the passwordless journey. He noted that Microsoft itself is a great test case — nearly 100% of their employees use passwordless options to log in to their corporate accounts.