Microsoft reckons 2020 was a “breakthrough” year in moving away from the password-based authentication system that has ruled for the past six decades.
Fernando Corbato, an American computer scientist who was widely credited as the creator of the computer password, developed the Compatible Time-Sharing System (CTSS), which allowed people to share a computer’s processing power but which also required a way for those users to protect their private files.
While the computer pioneer helped people protect their files back in the ’60s, for the past decade the computer industry has been trying to get rid of them because people pick terrible passwords, databases get hacked all the time, and people tend to reuse the same passwords across low-value and high-value sites. That becomes a problem when hackers breach a database and discover the secret keys to millions of online accounts.
SEE: Network security policy (TechRepublic Premium)
Besides individual security risks from passwords, this method of authentication is expensive to manage in an organization too. Microsoft quote’s analyst firm Gartner’s figure that up to half of all help desk calls are for password resets.
For the past few years, Microsoft, Google, Apple and others have been trying to design ‘passwordless’ authentication under the Fast Identity Online (FIDO) Alliance.
Last year Microsoft revealed that 90% of its employees were using a passwordless authentication system. Two key passwordless technologies are Windows Hello biometrics for accessing Azure Active Directory (Azure AD) networks, and apps that support Microsoft Authenticator app and FIDO2-based security keys.
According to Microsoft, 150 million people are using Microsoft passwordless systems each month.
Microsoft’s next efforts to say goodbye to passwords include new tools to manage FIDO2 security keys that will help customers build ways for users to manage their own authentication methods, such as phone numbers and email addresses.
SEE: Lightning does strike twice: If you get hacked once, you’ll probably be attacked again within a year
According to Microsoft, the use of passwordless mechanisms in Azure Active Directory has grown by 50% for Windows Hello for Business, Microsoft Authenticator, and FIDO2 security keys.
Importantly, consumers are adopting passwordless too. In 2020, 84.7% of people opted for Windows Hello to sign in to Windows 10 PCs instead of a password, up from 69.4% in 2019.