Light Dark
October 19, 2021 By Josh Nadeau 4 min read
Data Protection
Fraud Protection
Identity & Access
Risk Management
Security Services

Passwords are becoming a dying breed. In a recent article from Microsoft, they announced that they are putting aside their decades-old practice of forcing users to sign in with a password to use the business and personal applications suite — one of the most popular software packages on earth. Passwordless authentication is becoming the new normal. Take a look at the pros and cons that come with it.

For many people, this move by Microsoft has created many questions around digital security. It is unclear exactly when all passwords will go extinct for good. But it does seem clear that the end may be near for identity protection through passwords as we know it today.

Why Is Microsoft Dropping Password Security?

The world of password security is changing, and Microsoft wants to help users evolve along with it. For example, Skype for Android rolled out a new method called passwordless authentication in the latest versions, removing passwords by letting users log in with their mobile device or fingerprint instead. But what about desktop users? Passwordless authentication is Microsoft’s answer to this dilemma by allowing Windows Hello (which uses biometrics) as another verification method in applications like Office, Outlook, Skype or even third-party applications that integrate with Microsoft’s suite of digital products.

Microsoft’s decision to remove passwords may seem like a radical move. However, there are many reasons why it needs to happen. For one thing, the increasing amount of attacks on password databases is making it more difficult to keep passwords secure. In addition, some people find it difficult to remember complex passwords with numbers, symbols and letters. Other people may choose to use password hints or easily guessable words to make them easier to remember. These are contrary to the security standards that Microsoft desires. Passwordless authentication is a solution for both users and developers.

Potential Risks in Passwordless Authentication

While passwordless authentication has many benefits for both users and developers, it is not without its risks. The most pressing risk of moving away from passwords is the potential for attacks on mobile devices or biometric scanners. Threat actors are constantly trying to find ways around these new walls to gain access to user data. If they can compromise a device (or even one single fingerprint reader), then all information stored within — including business documents, banking details, personal messages, etc. — will be at their fingertips.

Another concern surrounding Microsoft’s move away from passwords is identity theft and phishing scams. These rely on user-inputted credentials as an entry point into networks. This means that if threat actors obtain this type of information, they can use it for malicious purposes. However, some experts believe this risk is offset because threat actors are more likely to attack passwords on known databases rather than attempt phishing scams or other types of identity theft, which may not yield as much financial gain.

The Perceived Benefits of Passwordless Security

One major benefit that comes from getting rid of traditional identity protection is user convenience. No longer will users have to deal with complex passwords or sign in each time they need to log in. This makes workers more productive and saves time, which leads to better business practices for everyone involved. Microsoft considered that important in its decision-making process regarding this new approach.

Another major perk of adopting passwordless authentication is security itself. It makes it much more difficult for threat actors who rely on guessing weak passwords. The added layers of verification also make it harder to gain unwanted access. If threat actors somehow gain access to user data, they can’t use it for malicious purposes without more verification (e.g., a fingerprint scan).

Passwordless authentication also reduces the risk of data exposure or identity fraud if a password is somehow compromised. When user passwords are stored on company servers, there’s always a risk that unauthorized parties can access their personal information. That isn’t the case with biometric authentication because it is not stored anywhere but on its respective device.

There are many other benefits that can result from passwordless authentication. However, it’s essential to recognize that this new approach isn’t the right choice for everyone. Passwordless authentication is more secure than older methods. Still, password protection might be a better option for some. It suits a business with minimal security needs that wants as little resistance from users as possible.

What Is the Future of Identity Protection in 2022 and Beyond?

So, society may move away from passwords as our primary form of identity protection. What’s next? Other forms of biometric verification will become more and more common. These might be retina scans or fingerprints. Passwordless authentication will continue to be the go-to choice for businesses looking to better protect their user data. However, organizations must understand all their benefits and risks before making this decision. After all, there are still many pros and cons connected with switching over entirely.

Passwordless authentication will continue to become the norm in the coming years. While this approach does involve its fair share of cons, it’s a more secure way of protecting user data. That is becoming more important as technology advances and becomes even more interconnected with our daily lives. Password protection has worked pretty well up until now. Still, businesses want customers to feel safe about their personal information being protected. Therefore, passwordless verification might be a better option. It offers users added security while still maintaining convenience.

Passwordless Authentication Isn’t Leaving

Passwordless authentication is here, and it’s not going anywhere. With the growing concern of attackers gaining access to our data, it’s vital that businesses realize the benefits of this new approach. Next, they need to know how to implement it properly. While passwordless authentication does have its downsides, in the end, it’s a much more secure way of protecting user data. Meanwhile, other large software companies may or may not quickly adopt Microsoft’s new philosophy or move away from passwords slowly.

 |  |  |  | 
Josh Nadeau
Cybersecurity Writer

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature