__________________________________________________________
Passwords are a fundamental staple of cybersecurity. It’s a step we all use to keep our accounts and data secure, and it’s something many of us have probably never questioned: of course we use passwords, how else could you sign in to your account and keep it secure?
As it turns out, passwords come with a lot of risks: not only can they be hacked or phished, but most users choose the same handful of simple passwords for all their accounts, which poses troubling security risks if one of their accounts is compromised.
Imagine a future where passwords are a relic of the past and your accounts are more secure than ever. Sound revolutionary and far-off? In fact, this is Microsoft’s vision for the future, and the technology they’ve created to accomplish it isn’t just a futuristic sci-fi fantasy – it exists now and is being used at an increasingly widespread rate.
So, what will this passwordless future look like?
That’s what we’ll unpack below.
Windows Hello is Microsoft’s biometric authentication tool, allowing users to unlock devices with a face or fingerprint scan instead of a password. It is the driving force behind Microsoft’s password-free vision, which will rely upon one-to-one security checks (that is, a security token that is only useable once, so that an individual verification can’t be compromised later) such as multi-factor authentication (MFA) and biometric verification instead of passwords.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to trick individuals to reveal login credentials. Passwords are especially vulnerable to this tactic. But according to Microsoft, going passwordless will eliminate this threat by effectively removing passwords from the login verification process.
At the moment, there is still an underlying password behind each Windows Hello authentication, but the password isn’t used during login verifications. This not only means it won’t be at risk when browsing the internet, but it also means users can set it to be an extremely complicated string of characters that would be difficult to crack. Yes, this could be difficult for users to memorize, but remember, they won’t need their passwords in their day-to-day.
That being said, Microsoft’s long-term strategy is to do away with passwords altogether, instead opting for Windows Hello. The reason Windows Hello is a great solution is that it provides a secure and seamless login experience.
Right now, one band-aid solution for password vulnerabilities is traditional MFA, which asks users to go through several verification steps (such as entering a one-time code they receive via text) after entering their password in order to verify user identity. While this is a helpful security measure, it feels clunky and slows down productivity.
Without passwords, however, Windows Hello will make it so you don’t have to worry about logging in multiple times since authentication happens automatically and near-seamlessly as you navigate through programs. MFA will still be a necessary measure, but it will be streamlined, and you’ll encounter it less often. For example, you’ll likely encounter it when accessing admin-level permissions to make changes to a system.
Saying no to passwords means saying yes to enhanced security, fewer login headaches, and potentially higher levels of productivity for your team.
Does going passwordless with Windows Hello sound like a distant sci-fi future? Believe it or not, you can actually achieve passwordless today, but you need to be in a modern solution design. This means your applications must support Azure tokens (if need help understanding or navigating Azure tokens, let us know – we’re happy to help!), as that is essentially the ball bearing of the biometric login operation.
Eventually, passwords will be a thing of the past altogether. As of today, however, with the right setup, you can effectively go password-free. The best thing you can do to capitalize on this trend is to go ahead and modernize your solution. However, we realize that’s no small ask – there’s a lot of work to be done to modernize any IT environment, which is even more reason to plan for the future today.
Does that seem overwhelming? It doesn’t have to be! Reach out to us so our architects can develop a customized roadmap to modernize your environment, get your team passwordless, and keep you on the cutting edge of technology