Passwords were once the most reliable form of user authentication, but not today. High rates of data breaches attributed to compromised credentials in Australia suggest that password-based authentication is deeply flawed. This is largely because it relies on the user’s ability to set long, complex, and unique alphanumeric sequences for each account. Even if users adhere to these best practices, relying solely on passwords is not a good idea.
What’s wrong with passwords?
While creating one or two sets of passwords is fairly easy, just imagine managing over 30 different logins. It can be a challenge to come up with distinct combinations, let alone remember them all. Oftentimes, users opt for convenience over security and set the same generic and memorable password across all their accounts. That’s why ‘password’ and ‘123456’ are still the most commonly used passwords today.
Plus, no matter how diligent users may be, there’s always a risk they’ll forget their passwords. When they do, your company will suffer productivity losses while users can’t log in. You’ll also incur additional costs from requesting password reset and recovery services from help desk administrators.
The other major issue with passwords is that they can be stolen. Cybercriminals can perform brute force attacks, whereby specialised software guesses passwords through trial and error. They may even use keylogger malware to track their target’s keystrokes with the hopes of exposing passwords. However, if technical attacks aren’t feasible, cybercriminals may resort to phishing scams instead. These involve sending unsolicited emails designed to trick users into giving away their passwords by clicking on dangerous links.
For all these reasons, companies are moving away from passwords and seeking streamlined login processes. Microsoft, in particular, is leading the charge in passwordless authentication with Windows Hello, FIDO2 security keys, and Microsoft Authenticator.
1. Windows Hello
Windows Hello is a biometric security system that verifies user identity with iris scans, facial recognition, and fingerprint data. This login mechanism is more secure than passwords because it can’t be stolen or replicated. It uses optical sensors and 3D scanning technology to accurately capture a user’s biological characteristics. So unless the user is physically present, the device secured by Windows Hello can’t be compromised.
What’s more, biometric data is encrypted and bound locally to the mobile device or PC; it is never sent to the cloud. This makes it impossible for cybercriminals to pull fingerprint, iris, or facial data off Microsoft’s servers, and very hard to extract it from the device itself.
The best part about Windows Hello is that it’s convenient. Rather than recalling a complex sequence of characters, you just scan your finger or glance at the device to gain access to your Microsoft accounts. If several people share the device, Windows Hello signs each user in to the right account based on their biometric data.
Keep in mind that to use this feature, you’ll need either a Windows Hello-capable device or a biometric scanner. Microsoft recommends Tobii Eye Tracker 4C, Logitech HD webcams, and any USB fingerprint reader.
2. Fast Identity Online (FIDO2) security keys
FIDO2 security keys generate encrypted, phish-proof codes to authenticate users to a company-registered Windows 10 device or Azure Active Directory account. To log in, users only have to insert the key into the device’s USB port and tap the button. There’s no need to enter a username or password. If the security key is approved, access is granted to apps and resources according to the user’s predetermined access privileges.
3. Microsoft Authenticator
Microsoft Authenticator is a multifactor authentication (MFA) app that generates one-time codes on your smartphone or tablet. Setting it up for your online accounts is as easy as scanning a QR code. Then, whenever you attempt to log in, you’ll be prompted to enter the temporary code shown in Microsoft Authenticator. A new code is produced every 30 seconds. This way, no one can hijack your accounts unless they also hold the device on which Microsoft Authenticator is installed.
While Microsoft Authenticator is traditionally used alongside passwords, you can remove them entirely from the login process. The MFA app can be paired with Windows Hello so that your fingerprint, iris, or face is used as a second authentication factor. This means hackers would need both your biometric data and your mobile device to break into your accounts. Since both are extremely difficult to steal, hackers will likely leave your accounts alone and look for an easier target instead.
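The 30-second codes described above are the behaviour of the open TOTP standard (RFC 6238), which authenticator apps use for accounts enrolled by scanning a QR code: the QR code carries a shared secret, and each code is an HMAC of the current 30-second time step, so a code is worthless to anyone who does not hold the device with the secret and becomes invalid moments later. The following is an added example written for this article, not code from Microsoft or from the Authenticator app; it uses only the Python standard library and the test key published in RFC 6238 (the ASCII string `12345678901234567890`, a constructed value, never a real account secret). The `TotpVerifier` class, its `window` drift tolerance and its replay check are this example’s own design choices for the server side.

```python
"""Minimal TOTP (RFC 6238) generator and verifier, standard library only."""
import base64
import hashlib
import hmac
import struct
import time

# Published RFC 6238 test key ("12345678901234567890" in Base32). A real
# enrolment QR code carries a freshly generated random secret instead.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a `digits`-long decimal code."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at=None, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP whose counter is the number of `step`-second intervals since
    the Unix epoch, so the code changes every 30 seconds by default."""
    if at is None:
        at = time.time()
    return hotp(secret_b32, int(at) // step, digits)


class TotpVerifier:
    """Server-side check (example design): accepts the current time step and
    `window` steps either side to tolerate clock drift, compares in constant
    time, and never accepts a time step that has already been consumed, so a
    code that was intercepted and used once cannot be replayed."""

    def __init__(self, secret_b32: str, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_accepted_step = -1

    def verify(self, submitted: str, at=None) -> bool:
        if at is None:
            at = time.time()
        # Reject malformed input before doing any HMAC work.
        if not (submitted.isdigit() and len(submitted) == self.digits):
            return False
        current = int(at) // self.step
        for candidate in range(current - self.window, current + self.window + 1):
            if candidate <= self.last_accepted_step:
                continue  # this step (or an earlier one) was already used
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_step = candidate
                return True
        return False


if __name__ == "__main__":
    # Replays the RFC 6238 test vector for T = 59 s, then shows a replay being refused.
    verifier = TotpVerifier(TEST_SECRET_B32)
    code = totp(TEST_SECRET_B32, at=59)
    print("code at t=59:", code, "accepted:", verifier.verify(code, at=59))
    print("same code again:", verifier.verify(code, at=59))
```

The verifier deliberately accepts one step either side of the current one because phone and server clocks drift; widening `window` trades a little security for tolerance, and remembering `last_accepted_step` is what stops a phished code from being reused inside that window.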
Single-factor password authentication simply has too many weaknesses in an increasingly connected world. There are now more accounts and devices being used than ever. Meanwhile, cybercriminals are becoming much more adept at guessing passwords and scamming people. Microsoft’s passwordless solutions combined with multifactor authentication address these problems and mitigate the risks. They provide a login experience that’s fast, seamless, and secure.
If you don’t know where to begin with a passwordless deployment, Empower IT is here to help. Our support engineers can assist you with configuring access privileges, setting up biometrics, and pilot testing. We also supplement your defences with Duo security tools, advanced threat protection, and much more. Call us today; we’re the managed IT services provider Australian organisations trust.