Light Dark
October 19, 2021 By Josh Nadeau 4 min read
Data Protection
Fraud Protection
Identity & Access
Risk Management
Security Services

Passwords are becoming a dying breed. In a recent article from Microsoft, they announced that they are putting aside their decades-old practice of forcing users to sign in with a password to use the business and personal applications suite — one of the most popular software packages on earth. Passwordless authentication is becoming the new normal. Take a look at the pros and cons that come with it.

For many people, this move by Microsoft has created many questions around digital security. It is unclear exactly when all passwords will go extinct for good. But it does seem clear that the end may be near for identity protection through passwords as we know it today.

Why Is Microsoft Dropping Password Security?

The world of password security is changing, and Microsoft wants to help users evolve along with it. For example, Skype for Android rolled out a new method called passwordless authentication in the latest versions, removing passwords by letting users log in with their mobile device or fingerprint instead. But what about desktop users? Passwordless authentication is Microsoft’s answer to this dilemma by allowing Windows Hello (which uses biometrics) as another verification method in applications like Office, Outlook, Skype or even third-party applications that integrate with Microsoft’s suite of digital products.

Microsoft’s decision to remove passwords may seem like a radical move. However, there are many reasons why it needs to happen. For one thing, the increasing amount of attacks on password databases is making it more difficult to keep passwords secure. In addition, some people find it difficult to remember complex passwords with numbers, symbols and letters. Other people may choose to use password hints or easily guessable words to make them easier to remember. These are contrary to the security standards that Microsoft desires. Passwordless authentication is a solution for both users and developers.

Potential Risks in Passwordless Authentication

While passwordless authentication has many benefits for both users and developers, it is not without its risks. The most pressing risk of moving away from passwords is the potential for attacks on mobile devices or biometric scanners. Threat actors are constantly trying to find ways around these new walls to gain access to user data. If they can compromise a device (or even one single fingerprint reader), then all information stored within — including business documents, banking details, personal messages, etc. — will be at their fingertips.

Another concern surrounding Microsoft’s move away from passwords is identity theft and phishing scams. These rely on user-inputted credentials as an entry point into networks. This means that if threat actors obtain this type of information, they can use it for malicious purposes. However, some experts believe this risk is offset because threat actors are more likely to attack passwords on known databases rather than attempt phishing scams or other types of identity theft, which may not yield as much financial gain.

The Perceived Benefits of Passwordless Security

One major benefit that comes from getting rid of traditional identity protection is user convenience. No longer will users have to deal with complex passwords or sign in each time they need to log in. This makes workers more productive and saves time, which leads to better business practices for everyone involved. Microsoft considered that important in its decision-making process regarding this new approach.

Another major perk of adopting passwordless authentication is security itself. It makes it much more difficult for threat actors who rely on guessing weak passwords. The added layers of verification also make it harder to gain unwanted access. If threat actors somehow gain access to user data, they can’t use it for malicious purposes without more verification (e.g., a fingerprint scan).

Passwordless authentication also reduces the risk of data exposure or identity fraud if a password is somehow compromised. When user passwords are stored on company servers, there’s always a risk that unauthorized parties can access their personal information. That isn’t the case with biometric authentication because it is not stored anywhere but on its respective device.

There are many other benefits that can result from passwordless authentication. However, it’s essential to recognize that this new approach isn’t the right choice for everyone. Passwordless authentication is more secure than older methods. Still, password protection might be a better option for some. It suits a business with minimal security needs that wants as little resistance from users as possible.

What Is the Future of Identity Protection in 2022 and Beyond?

So, society may move away from passwords as our primary form of identity protection. What’s next? Other forms of biometric verification will become more and more common. These might be retina scans or fingerprints. Passwordless authentication will continue to be the go-to choice for businesses looking to better protect their user data. However, organizations must understand all their benefits and risks before making this decision. After all, there are still many pros and cons connected with switching over entirely.

Passwordless authentication will continue to become the norm in the coming years. While this approach does involve its fair share of cons, it’s a more secure way of protecting user data. That is becoming more important as technology advances and becomes even more interconnected with our daily lives. Password protection has worked pretty well up until now. Still, businesses want customers to feel safe about their personal information being protected. Therefore, passwordless verification might be a better option. It offers users added security while still maintaining convenience.

Passwordless Authentication Isn’t Leaving

Passwordless authentication is here, and it’s not going anywhere. With the growing concern of attackers gaining access to our data, it’s vital that businesses realize the benefits of this new approach. Next, they need to know how to implement it properly. While passwordless authentication does have its downsides, in the end, it’s a much more secure way of protecting user data. Meanwhile, other large software companies may or may not quickly adopt Microsoft’s new philosophy or move away from passwords slowly.

 |  |  |  | 
Josh Nadeau
Cybersecurity Writer

More from Data Protection
January 2, 2025

Preparing for the future of data privacy

4 min read - The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concerns as their organization’s greatest risk. However, the majority of organizations noticed a recent shift: that their organization has been moving from compliance as a “check the box” task to a strategic function.With this evolution in…

December 20, 2024

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

December 3, 2024

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature