Back in the day, passwords used to be the only way to secure your data online. However, as time has gone by, 2 step authentication and biometric security measures have risen in popularity. Passwords themselves have become quite complicated, requiring the use of capital letters, symbols and so on. This has been a source of frustration for many, which is why Microsoft wants to solve the problem… by taking passwords out of the picture completely.
Microsoft first declared that they want to build a world without passwords in early 2018. The company claimed they were motivated by how ‘inconvenient, insecure, and expensive’ they are, but also wanted to decrease the value of passwords for potential attackers and phishers. They are now one step closer to their goal. Support for passwordless accounts is already available on the Windows 10 Home edition and now on Insider Preview Build 18309. A stable version of the feature will make its way onto all Windows 10 versions later this year, likely around April.
But how do you protect your account without a password? With Microsoft’s new solution, users can simply provide their phone number and receive a text message containing a code, similar to how 2 step verification works on other platforms. If that sounds inconvenient, you also have the option to receive a code only when you log in on a new PC. Windows Hello is another alternative, which lets you set up a PIN, fingerprint or face scan login.
However, there are some concerns. It’s true that data breaches are incredibly common nowadays, which is why devaluing passwords seems like a great idea on the surface. Yet, it is not unheard of biometric security data being harvested. Artificial intelligence researches have already been able to produce fake fingerprints with the help of a neural network. But potential hackers and phishers don’t even have to utilize high tech solutions in a lot of cases – SIM duplication through social engineering is an incredibly common method of gaining access to valuable data. This is why Microsoft’s well intentioned idea of using your phone number could potentially lower, not increase security.
What do you think? Is Microsoft on the right track with its passwordless solution? Let us know in the comments.