Security

Why Microsoft is leading the march toward a passwordless future

Microsoft rolled out passwordless sign in option for insiders on Windows 10 build 18309. Here's why others will likely follow.

Microsoft continues to push toward its vision of a passwordless future. On Thursday, the company released its Windows 10 Insider Preview Build 18309 (19H1) to Windows Insiders, allowing users to sign into their account without a password.

Microsoft first announced support for setting up and signing into Windows 10 Home edition insiders with a phone number account and no password via Build 18305 in December. Thursday's release extends that support to all Windows 10 editions, according to a Microsoft blog post.

Windows 10 users who have Microsoft accounts with their phone number can use an SMS code to sign in and set up their account on Windows 10. At that point, they can use Windows Hello Face, Fingerprint, or a PIN to sign in to Windows 10, with no password required.

SEE: Password Policy (Tech Pro Research)

Passwords represent a critical vulnerability to most organizations today, Chad Holmes, chief technology, innovation and strategy officer for EY's cybersecurity practice, told TechRepublic.

"Whether in the initial compromise or down the stream of the killchain, there was always some use of a password in the attack landscape," Holmes said.

Microsoft's first move to reduce password use came with Windows Hello, introduced in Windows 10, which uses biometric sensors to verify a user's identity based on a fingerprint or face scan. The tech giant has since introduced the Authenticator app, which allows users to log into their Microsoft account on their desktop using their phone. It is also working with the Fast Identity Online (FIDO) working group to update Windows Hello with physical FIDO2 security keys that allow for more secure authentication.

The company's four-step strategy for killing passwords involves developing password replacement options, reducing users' visible password surface area, simulating a passwordless world, and eliminating passwords from the identity directory.

With the rise of biometric security in a number of fields, it's likely that other tech giants will eventually follow Microsoft's lead and eliminate traditional passwords in favor of face scans, fingerprints, tokens, or other options.

The big takeaways for tech leaders:

  • Microsoft's Windows 10 Insider Preview Build 18309 (19H1) allows users to sign into their account without a password.
  • Microsoft has made a number of moves to eliminate passwords from its ecosystem, replacing them with biometrics and PINs.

Also see

screen-shot-2019-01-04-at-8-32-41-am.jpg
Image: Microsoft

About Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.

Editor's Picks

Free Newsletters, In your Inbox