Microsoft study: The future is passwordless!

Microsoft study: The future is passwordless!

By Khevna Pandit


The COVID-19 crisis not only keeps consumers on their feet but also keeps industries scratching their heads to come up with innovations now and then. Keeping in mind the fast-paced lifestyle that society has gotten used to, shortcuts have become the next big thing for the audience who has learnt to sit at home.

Password problems

With our personal and professional lives tied together via online accounts, most of us have faced the exhausting issue of having to store all our passwords in one place (let alone having to change them every fortnight!)

According to a Ponemon Institute study, more than half of people reuse an average of five passwords across the business and personal accounts - something that constitutes as an easy target to hackers. Our online presence, which can be controlled using one single password, is an easy way for hackers to pry open our digital lives. With most of us sitting at home, trying to remember the last password change on our accounts mindlessly, it is safe to say that the future is leaning towards a quick, passwordless future.

Can the future really be passwordless?

As a matter of fact, yes! Access solutions are now moving towards biometrics or authentication on your personal device. This method of verification will not only allow users to rely less on passwords but will also help companies to save on the 30 to 60 per cent of support desk calls dedicated to facilitating password resets.

A report by Microsoft from May shows how more and more users are now choosing to sign in without a password. The number, which has reached a whopping 150 million, shows that 55 per cent of people would prefer a method of protecting the account without a password.

A recent Microsoft survey also revealed that the use of biometric work accounts is set to double this year, as nearly a quarter of companies are already using or planning to deploy biometrics soon.

How does passwordless authentication work?

Unlike a password, this type of authentication will replace the word that you use to log in with something that you already possess. This creates a hassle-free environment for the user to log in. Here are some methods that can be used to log in without a password:

Direct access to PC via biometric and PIN: This prevents access to the device from anyone other than the owner. This solution enables the user to make use of his/her unique identifiers for seamless sign-in that can also be built-in with single sign-on (SSO) solutions.

Using a phone as a multi-authentication tool to turn iOS or Android phones into a strong, passwordless credential: An example of this is the Microsoft Authenticator App, where users can sign in to any platform or browser by getting a notification to the phone, matching a number displayed on the screen to the one on the phone, and then using biometric (touch or face) or PIN to confirm.

Fast Identity Online (FIDO) and FIDO2 security keys: This allows users and the organisations to leverage this unphishable standards-based passwordless authentication method for sign in to resources without a username or password. It makes use of an external security key or platform key built into a device. This is an excellent option for enterprises who are very security-sensitive or have scenarios or employees who aren't willing or able to use their phone as a second factor.

With working from home turning out to be the new normal, keeping up with remote technology will be the way to go forward. With more and more forms of passwordless technology coming into existence, the new form of access and verification will soon become commonplace for both organisational and personal use, embracing passwordless methods early is the most simple yet highly effective and long-lasting step to enhancing cybersecurity for a safer future.

The bridge chronicle