Microsoft says it wants to completely ditch passwords as it makes passwordless login the default for all new accounts

If that superficially sounds like a security nightmare, Microsoft obviously isn’t just leaving all new accounts completely exposed. Instead, “new users will have several passwordless options for signing into their account.”
What options, exactly? “Instead of showing you all the possible ways for you to sign in, we automatically detect the best available method on your account and set that as the default,” Microsoft says. Options include Windows Hello facial recognition, fingerprint scanning and PINs or personal identification numbers, which are together known as passkeys as opposed to passwords. PINs, of course, are really just a subset of the broader notion of passwords, so there’s an element of semantics to all this.
Despite that, Microsoft is touting the move as bringing its account logins a step closer to the ultimate ideal of completely ditching passwords. “As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether,” the announcement says.
Anyway, the driving force behind all this is the inherent insecurity of passwords. Once a password has been compromised, and if that’s the sole point of security, anyone, anywhere, can access an account by the simple means of typing in a password.
As Microsoft says, “bad actors know that the password age is ending, and that the number of easily compromised accounts is shrinking. In response, these bad actors are devoting considerable resources to automating brute force and phishing attacks against any account still protected by a password.
“Last year, we observed a staggering 7,000 password attacks per second (more than double the rate from 2023). As passkeys become the new standard, expect increased pressure from cyberattackers on any accounts still protected by passwords or other phishable sign-in methods.”
While facial recognition, fingerprints and other biometric methods are not totally foolproof, they are fundamentally more secure. What’s more, passkey-based methods aren’t just safer, they’re easier and faster to use.
“Users signing in with passkeys are three times more successful at getting into their account than password users (about 98% versus 32%). When you use a passkey, you get into your account much quicker, too! Passkey sign-ins are eight times faster than a password and multifactor authentication,” Microsoft claims, and we’ve no real reason to doubt it.