Anyone who wants to sign in to their Microsoft account no longer needs a password. “The future is password-free,” the tech giant declared. “I don’t think so per se,” countered security expert Anne-Marie Eklund-Löwinder.
With just a few clicks, you can now deactivate the password for your Microsoft account. What remains afterwards is, for example, identification with Windows Hello. It is also possible to log in with a hardware key of the type used by the Swedish company Yubico, for example, or with a temporary code sent to the user’s phone or email.
“I don’t really know if this is a step in the right direction,” says Anne-Marie Eklund-Löwinder, head of security at the Internet Foundation.
Eklund-Löwinder suspects that two-factor authentication disappears for those who choose to deactivate the password. This is an opinion she shares with Per Thorsheim, founder of Passwordcon. Thorsheim tells the Malwarebytes Lab blog that Microsoft is removing the “something you know” factor.
– What options do we have then? Only those who can be robbed or abused in intimate relationships? Would it be easier for the offender when they don’t have to guess or bypass the victim’s password?
Per Thorsheim also questions the complexity of being able to recover an account without a password as an added guarantee.
As early as 2004, Bill Gates declared the password dead, but the method proved difficult to kill. Over several years, however, Microsoft has made efforts to prove that its founder was right all along. This latest update applies to private users; business users have had the option to opt out of passwords since March.
Bad passwords are behind 8 out of 10 cyber attacks
According to the World Economic Forum, very weak passwords are behind 80 percent of all data breaches. Microsoft has noted that users are caught between choosing a password that is secure but difficult to remember and a bad password that is easy to remember.
However, there are a number of password managers, 1Password for example, that make passwords safe and easy to work with.
– Personally, I think using passwords correctly is a hard-to-beat solution in terms of implementation cost and ease of use as well. Many people say that managing passwords is complicated and I can agree that there is a limit to learning. But awkward? No, I don’t buy that. There are many new smart and modern solutions, says Anne-Marie Eklund-Löwinder.
It should be noted that many of us have many more accounts than just those with Microsoft, and that in most cases a password is still required, as always. However, Microsoft is not alone in fighting the old, proven method: a number of startups have noticed that biometric recognition has become very easy and are offering solutions using this technology.
But Anne-Marie Eklund-Löwinder reminds us that there are flaws in biometrics, too.
– You can change the password, but you cannot change the thumb. Therefore, you must have more than one factor when logging in. It should not be attached to one.