
Microsoft: Here's our 4 step plan for getting rid of passwords forever

Microsoft plans to replace passwords with Windows Hello and other tools, starting with the Windows 10 April 2018 Update.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Microsoft wants to create a world in which passwords are replaced with other secure user credentials that cannot be breached.
  • The Windows 10 April 2018 Update in S mode allows cloud users an end-to-end experience that does not require any passwords.

Microsoft is doubling down on its promise to rid the world of passwords and replace them with more convenient and secure options, the company announced in a Tuesday blog post.

"Nobody likes passwords. They are inconvenient, insecure, and expensive," according to the post. The tech giant wants to deliver on two key promises: That end users "should never have to deal with passwords in their day-to-day lives," and to replace passwords with "user credentials [that] cannot be cracked, breached, or phished."

Microsoft first made a move to reduce password use with Windows Hello, introduced in Windows 10, which uses biometric sensors to verify a user's identity based on a fingerprint or face scan. It has since introduced the Authenticator app, which allows users to log into their Microsoft account on their desktop using their phone. Finally, Microsoft is working with the Fast Identity Online (FIDO) working group to update Windows Hello with physical FIDO2 security keys that allow for more secure authentication.

The Windows Hello FIDO2 Security Key feature is now in limited preview, the post noted.


"At its core, our fundamental philosophy is simple: devalue the password, and replace it with something that eradicates its use for the end user and drains its value for an attacker," according to the post.

The Windows 10 April 2018 Update includes the ability to do just that, the post noted: Using Windows 10 in S mode, cloud users (with Managed Service Account or Azure Active Directory) can use their PC without ever entering a password. Users can take advantage of this feature by setting up the Microsoft Authenticator App, installing the Windows 10 April 2018 Update with S mode enabled, and setting up Windows Hello.

To achieve a password-less future for all devices, Microsoft laid out a four-step plan:

1. Develop password-replacement offerings. This would involve replacing passwords with a new set of alternatives that retain the positive elements of passwords while also improving their shortcomings.

2. Reduce user visible password-surface area. Microsoft wants to upgrade all elements in the lifecycle of a user's identity, including provisioning of an account, setting up a new device, and accessing apps and websites, to make sure they work with password replacements.

3. Simulate a password-less world. This means helping end users and IT administrators to transition into a password-less world easily.

4. Eliminate passwords from the identity directory. Deleting passwords from the identity directory represents "the final frontier," according to the post.

It remains to be seen if other tech giants will follow Microsoft's lead and eliminate passwords. With the rise of biometric security in a number of fields, the future for businesses could very well be password-less.


About Alison DeNisco Rayome

Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.
