The cloud is safer without your passwords. That’s the message from Microsoft, which announced at last week’s Ignite developers conference that it is making passwordless login to its Azure cloud platform standard via Azure Active Directory.
Microsoft has become a powerful advocate for the security advantages of passwordless authentication, a form of multi-factor authentication (MFA) that replaces passwords with two or more verification factors secured and encrypted on a user’s device, such as a fingerprint, facial recognition, a device PIN, or a cryptographic key. Microsoft reports that users of MFA are 99.9% less likely to be compromised than those who don’t adopt two or more means of verification.
By contrast, Microsoft maintains, “Passwords are becoming a relic of the past. The use of passwords leaves us increasingly more vulnerable as we become more predictable in generating them. Trying to combat this with requirements for stronger complexity and frequent updates makes it harder to be productive, drives up already-high costs in password maintenance and support — and still isn’t enough to keep up with current cybersecurity threats.”
Indeed, Microsoft says, 81% of hacking-related breaches used either stolen or weak passwords.
Microsoft’s push for a working life beyond passwords comes in the wake of recent hacking attacks on Microsoft Exchange Server as well as the massive attack on SolarWinds software that the developer blamed on a shoddy password created in 2019 by an intern.
Bottom line: If you want to help your buyers stay on the right side of history, support their migration away from passwords. (Petri’s Russell Smith offers this handy explainer for using the Microsoft Authenticator app to make the move.) Meanwhile, help them with end-user messaging that all those passwords gathering dust in fading memories or on Post-Its are far less secure than the new password-free methods their enterprise supports.
It may seem counterintuitive to some old-school users to log in without a password, but MFA is crucial to the health of your clients’ organizations as attacks grow ever more sophisticated and passwords grow ever less equal to the task of enterprise security.