Passwordless Logins: The Key to Fight Hackers

Keeping track of passwords for different accounts will soon become a thing of the past. Microsoft has recently announced that its customers will soon be able to access their accounts without a password. At the moment, Microsoft has enabled passwordless access to Xbox Live, OneDrive, and Skype. Instead of needing a password, logging in will consist of a combination of fingerprint and facial recognition, Microsoft’s authenticator app, and a verification code will be sent to your email.

Microsoft’s Timeline For Becoming Passwordless

The death of passwords has been discussed since 2004. Google and Facebook supported a format called FIDO Universal 2^nd Factor in 2017. This is a USB device that replaces passwords or codes for authentication. Microsoft has been working towards passwordless logins for years now.

In 2018, Microsoft launched its first version of passwordless logins. Since then, 200+ million users have chosen to have a password-free life. The tech giant’s new option to completely remove password authentication for all users was confirmed on September 15th, 2021.

With a passwordless future, Microsoft hopes to eliminate user’s stress of remembering passwords and making their accounts more secure. Creating and remembering a password and being a prime target for attacks by hackers seems crazy to think about.

Human behavior is predictable. People choose passwords that are easy to remember. Whether that be a family pet name or a sports team, a hacker will most likely be able to figure it out.

According to The Verge, there are around 579 password attacks every second. The number of attacks increased once more people transitioned to online work during the pandemic. In the past decade, the adaption of two-step verification has reduced the risk of compromise by 99.9 percent.

A Microsoft Teams user accessing her account through passwordless authentication — Microsoft is pushing for a passwordless future in an effort to increase users’ security and peace of mind.

How Remote Work Changed Online Security

Due to the pandemic, Microsoft’s timeline to go passwordless accelerated because of a greater shift towards digital communications by businesses. As remote work continues to expand, tighter online security is necessary.

The business world is starting to look towards Zero Trust regarding their security over passwords. This means that all users in or outside an organization’s network must be authorized through tighter security before being given access to applications and data. By the end of 2021, at least 67 percent of companies plan to use Zero Trust.

Other Tech Giants Offering Passwordless Authentication

Passwordless logins have been proven to be more convenient and secure than to scan your finger for account access. This has driven major corporations such as Google and Apple to begin working on passwordless authentication to increase their users’ security. Apple created Face ID in 2017 when the iPhone X was released.

For later this year, Apple has announced its plans to start using iCloud Keychains that will come along with other Apple products. When creating an account, Apple’s iCloud Keychains will only ask for a username. Keychain will then hold a passkey that Apple user’s device generates and uses across all Apple devices. The user will also have to verify authentication with Face ID or Touch ID.

Apple’s passkeys and Google’s FIDO2 will be used alongside a specific app or website to prevent phishing attacks on users.

A hacker trying to steal people's passwords, the reason for passwordless logins — The number of hacker attacks has been increasing at alarming rates – hybrid workplaces might make their work easier.

Passwordless Logins: The Key To Fighting Hackers

Having a strong, unique password for individual accounts is difficult to manage. It becomes much easier for a hacker to break in when someone uses slightly altered versions of the same password. According to Statista, as of October 2018, only 20 percent of users had different passwords for each account.

It’s harder to hack someone when a user enters their account by fingerprint or through a code sent directly to their phone. Even if a user loses access, they can recover their account through other verification options. Losing the password option also means there is less data available for the hacker to steal. As Security Boulevard informs, passwords that have been compromised were the leading source of breaches in 2020.

Going passwordless is still relatively new, which raises concerns. No one really knows what to expect or what to do if an issue occurs. For instance, if an attacker took someone’s device or passkey, the owner’s security could be in jeopardy. They can access all accounts by showing the Face ID a picture or could falsely claim to lose the person’s SIM card.

While fingerprint authentication is only one option to replace passwords, it is important to know that hackers are persistent. A study by Cisco’s Talos security group showed that hackers tend to have an 80 percent success rate when bypassing fingerprint authentication.

Cost is also a factor when considering going passwordless. Depending on the consumer base, the costs of going passwordless can range from $20 to $500 per user. While passwords have been used for years, technological advances are enabling tighter, user-friendly security.

Whether it be by fingerprint, facial recognition, or by tapping a button on their phone, users should look forward to this new way to keep their accounts safe and protected at all times.