Microsoft plans to replace passwords with an authenticator app


16th September 2021 - Microsoft has announced its plan to remove passwords and allow users to log in with an authenticator app or verify themselves with another method. Already implemented in March for business users, it is now being made more accessible to all Microsoft or Windows users.

When enabled, the login method will require the user to provide a fingerprint, or complete another security task, in both cases using their mobile phone. According to Microsoft, this is more secure than using passwords, which can be deduced or stolen, because “only you can provide fingerprint authentication or provide the right response on your mobile at the right time”.

Quick login features such as PIN codes will remain available for use by Windows users.

In some instances, the password method will still be required for Office 2021, Xbox 360, consoles, Windows 8.1 and older software.

In instances where the user cannot access the authenticator app because the phone has been lost or stolen, or because of a missed update, backup options for logging in are available, including the following:

  • Windows facial recognition, for which a suitable laptop or camera is needed. 
  • A physical security key which needs to be inserted to log in. 
  • Codes sent by SMS or email.

It is important to remember, however, that SMS and email are commonly used by cyber criminals to target individuals. Additionally, Microsoft states that those who have set up two-factor authentication will need two different methods for recovery.

As penned by Vasu Jakkal, the security vice-president, “passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives. We are expected to create complex and unique passwords, remember them, and change them frequently – but nobody likes doing that”.

Users lean towards creating simpler passwords which, although they include the typically required symbols, numbers and upper- and lower-case letters, are weakened by a repeated formula. In many cases, users also adopt the same password for multiple platforms, increasing the likelihood that hackers will guess their target’s password, or obtain it from a data breach, and then use it.

When the user sets up a passwordless login, the confirmation informs the user that they have “increased the security of your account and improved your sign-in experience by removing your password”. 

The claims made by Microsoft were acknowledged by Professor Alan Woodward, an internationally renowned computer security expert, who expressed that “the message has been pummelled home about what good password hygiene looks like – but it’s easier said than done”. He also stated, “maybe the time is now right to start looking for something different”.

Agreed standards are currently lacking as “there are a number of different ways this could be done”, as stated by Professor Woodward, who also commented that “it would be good if everybody moved on, really and tried to find a way of doing this”.
