As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Today, on World Password Day, I thinks it’s fair to say we’re doing our part to raise awareness around the insecurity of passwords on almost a daily basis – both here in our blog where I talk about credential theft, the need for Multi-Factor Authentication (MFA), pwned passwords, and more; as well as in part within our Security Awareness Training that helps employees within organizations understand the threat of social engineering attacks and the desire of cybercriminals to obtain valid credentials to continue their malicious activity.
Microsoft, too, is doing their part by working to “make passwordless authentication even easier to use than passwords, which are hard to remember and far less secure” according to a new interview with Microsoft senior product manager, Libby Brown. In it, Libby talks about increased use of an individual’s mobile device as a “passkey”, leveraging the native gesturing and biometric technologies found in mobile devices today.
This is good news, as we know that individuals simply don’t want to create unique passwords for each and every application, system, platform, etc. It’s equally damning for cybercriminals, as if everyone went passwordless, malicious campaigns reliant on providing access to internal data and resources would be unsuccessful without access to both an endpoint and the user’s mobile device.
Microsoft’s goal is to create a frictionless way to transition to a world without passwords; given the pervasive use of SMS texts across a wide range of web applications, it feels like we’re nearly ready to pull the password plug.
Perhaps in a few years, May the 5th will become “World Passwordless Day”. We’ll see!