Microsoft is Leading the Way to a Password-Less Future



Microsoft is Leading the Way to a Password-Less FutureAs we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.

Today, on World Password Day, I thinks it’s fair to say we’re doing our part to raise awareness around the insecurity of passwords on almost a daily basis – both here in our blog where I talk about credential theft, the need for Multi-Factor Authentication (MFA), pwned passwords, and more; as well as in part within our Security Awareness Training that helps employees within organizations understand the threat of social engineering attacks and the desire of cybercriminals to obtain valid credentials to continue their malicious activity.

Microsoft, too, is doing their part by working to “make passwordless authentication even easier to use than passwords, which are hard to remember and far less secure” according to a new interview with Microsoft senior product manager, Libby Brown. In it, Libby talks about increased use of an individual’s mobile device as a “passkey”, leveraging the native gesturing and biometric technologies found in mobile devices today.

This is good news, as we know that individuals simply don’t want to create unique passwords for each and every application, system, platform, etc. It’s equally damning for cybercriminals, as if everyone went passwordless, malicious campaigns reliant on providing access to internal data and resources would be unsuccessful without access to both an endpoint and the user’s mobile device.

Microsoft’s goal is to create a frictionless way to transition to a world without passwords; given the pervasive use of SMS texts across a wide range of web applications, it feels like we’re nearly ready to pull the password plug.

Perhaps in a few years, May the 5th will become “World Passwordless Day”. We’ll see!


Are your user’s passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

wpt02Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/weak-password-test



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews