Friday, September 24

Microsoft wants you to give up your password

Big tech really wants you to ditch your password.

In 2019, I spoke to a Google Product Manager about the password issue. He urged people to ditch passwords in favor of better authentication methods, noting that alternative systems are “probably their safest bet.” Fast forward so far, and it seems Microsoft is okay with removing passwords as well.

In a ad posting, Microsoft revealed that it is adding a new option to remove the password from your Microsoft account. People who do can use other methods to sign in, such as Microsoft’s Authenticator app, Windows Hello, a security key, or a verified code sent to their phone or email.

However, it is worth noting that before now you could effectively prevent the use of your Microsoft account password, you simply could not remove it completely. I haven’t given up my password, but I haven’t written it down in years either. Instead, whenever I need to log into my Microsoft account, I use the Authenticator app. I grab my phone, authenticate, and am connected and ready to go. It is fast, simple and convenient.

Of course, not everyone agrees to ditch passwords just yet. Some things still require a password and some people feel more secure having one. Microsoft also detailed some of the reasons why passwords are not as strong; most echo other things I’ve written about passwords, including the Google story mentioned above.

Passwords are not secure because people suck at creating them

First, there is the side of human nature. Most people still create their own passwords, and to remember those passwords, most people also use the same password (or very similar versions of it) across multiple sites and services. Also, people often choose passwords that are easy for them to remember. However, the problem is that if a hacker guesses a site’s password or breaches security and steals a site’s passwords, it is very likely that they can use that password to log into other websites.

Hackers have many other ways of obtaining passwords as well. Phishing attacks, for example, seek to trick people into providing their login information. One way to do this is to create a fake login page for an app like Netflix, and then send people an email saying something like “There is a problem with your billing information, please sign in to fix it.” If the email looks real enough, people will click the link to the website, type in their password, and inadvertently abandon their login.

If you are interested in using your Microsoft account without a password, you can do so by going to “account.microsoft.com”, logging in, and clicking “Advanced Security Options”. Under “Additional security”, find “Account without password” and select the option to activate it. If the option isn’t there, you may need to wait a bit while Microsoft continues to roll out for the next several weeks. And you can always go back if you don’t like it. You can learn more about password-free Microsoft accounts here.

If you still need a password, get a password manager to increase your security

Of course, if you’re concerned about your other online accounts and they don’t offer password-free options like Microsoft, there are other steps you can take to improve security. For example, using a password manager to create long, unique, and impossible-to-guess passwords for each website can go a long way in improving your online security. You can learn more about some password managers at the links below:

Other options that can help include two-factor authentication (2FA). It’s not a perfect system, but adding another layer of security can help keep your accounts safe even if someone gets your password.

Source: Microsoft


Leave a Reply

Your email address will not be published. Required fields are marked *