Light Dark
October 19, 2021 By Josh Nadeau 4 min read
Data Protection
Fraud Protection
Identity & Access
Risk Management
Security Services

Passwords are becoming a dying breed. In a recent article from Microsoft, they announced that they are putting aside their decades-old practice of forcing users to sign in with a password to use the business and personal applications suite — one of the most popular software packages on earth. Passwordless authentication is becoming the new normal. Take a look at the pros and cons that come with it.

For many people, this move by Microsoft has created many questions around digital security. It is unclear exactly when all passwords will go extinct for good. But it does seem clear that the end may be near for identity protection through passwords as we know it today.

Why Is Microsoft Dropping Password Security?

The world of password security is changing, and Microsoft wants to help users evolve along with it. For example, Skype for Android rolled out a new method called passwordless authentication in the latest versions, removing passwords by letting users log in with their mobile device or fingerprint instead. But what about desktop users? Passwordless authentication is Microsoft’s answer to this dilemma by allowing Windows Hello (which uses biometrics) as another verification method in applications like Office, Outlook, Skype or even third-party applications that integrate with Microsoft’s suite of digital products.

Microsoft’s decision to remove passwords may seem like a radical move. However, there are many reasons why it needs to happen. For one thing, the increasing amount of attacks on password databases is making it more difficult to keep passwords secure. In addition, some people find it difficult to remember complex passwords with numbers, symbols and letters. Other people may choose to use password hints or easily guessable words to make them easier to remember. These are contrary to the security standards that Microsoft desires. Passwordless authentication is a solution for both users and developers.

Potential Risks in Passwordless Authentication

While passwordless authentication has many benefits for both users and developers, it is not without its risks. The most pressing risk of moving away from passwords is the potential for attacks on mobile devices or biometric scanners. Threat actors are constantly trying to find ways around these new walls to gain access to user data. If they can compromise a device (or even one single fingerprint reader), then all information stored within — including business documents, banking details, personal messages, etc. — will be at their fingertips.

Another concern surrounding Microsoft’s move away from passwords is identity theft and phishing scams. These rely on user-inputted credentials as an entry point into networks. This means that if threat actors obtain this type of information, they can use it for malicious purposes. However, some experts believe this risk is offset because threat actors are more likely to attack passwords on known databases rather than attempt phishing scams or other types of identity theft, which may not yield as much financial gain.

The Perceived Benefits of Passwordless Security

One major benefit that comes from getting rid of traditional identity protection is user convenience. No longer will users have to deal with complex passwords or sign in each time they need to log in. This makes workers more productive and saves time, which leads to better business practices for everyone involved. Microsoft considered that important in its decision-making process regarding this new approach.

Another major perk of adopting passwordless authentication is security itself. It makes it much more difficult for threat actors who rely on guessing weak passwords. The added layers of verification also make it harder to gain unwanted access. If threat actors somehow gain access to user data, they can’t use it for malicious purposes without more verification (e.g., a fingerprint scan).

Passwordless authentication also reduces the risk of data exposure or identity fraud if a password is somehow compromised. When user passwords are stored on company servers, there’s always a risk that unauthorized parties can access their personal information. That isn’t the case with biometric authentication because it is not stored anywhere but on its respective device.

There are many other benefits that can result from passwordless authentication. However, it’s essential to recognize that this new approach isn’t the right choice for everyone. Passwordless authentication is more secure than older methods. Still, password protection might be a better option for some. It suits a business with minimal security needs that wants as little resistance from users as possible.

What Is the Future of Identity Protection in 2022 and Beyond?

So, society may move away from passwords as our primary form of identity protection. What’s next? Other forms of biometric verification will become more and more common. These might be retina scans or fingerprints. Passwordless authentication will continue to be the go-to choice for businesses looking to better protect their user data. However, organizations must understand all their benefits and risks before making this decision. After all, there are still many pros and cons connected with switching over entirely.

Passwordless authentication will continue to become the norm in the coming years. While this approach does involve its fair share of cons, it’s a more secure way of protecting user data. That is becoming more important as technology advances and becomes even more interconnected with our daily lives. Password protection has worked pretty well up until now. Still, businesses want customers to feel safe about their personal information being protected. Therefore, passwordless verification might be a better option. It offers users added security while still maintaining convenience.

Passwordless Authentication Isn’t Leaving

Passwordless authentication is here, and it’s not going anywhere. With the growing concern of attackers gaining access to our data, it’s vital that businesses realize the benefits of this new approach. Next, they need to know how to implement it properly. While passwordless authentication does have its downsides, in the end, it’s a much more secure way of protecting user data. Meanwhile, other large software companies may or may not quickly adopt Microsoft’s new philosophy or move away from passwords slowly.

 |  |  |  | 
Josh Nadeau
Cybersecurity Writer

More from Data Protection
November 8, 2023

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature