In a digital age, companies need to ask what technologies are still relevant to them – and passwords are no exception. In fact, passwords are now more trouble than they are worth, and significant steps are being taken to replace them.
The Problem with Passwords
This infographic helps detail the changing face of passwords in corporate cybersecurity. It reveals that people typically fall into one of two categories: those who use one password for every account, and those who use different passwords for their accounts. The issue is that neither approach is very good. People with poor password hygiene, or those who rarely change passwords, face significantly higher security threats than those who have good password hygiene. However, even good password hygiene is not enough, because conventional methods of cybersecurity are no longer as effective as they used to be, or indeed as effective as they need to be. The solution is to reduce password use until it can be eliminated completely.
Now though, users are overwhelmed with accounts – each of which has passwords. A decade ago, most people only had two passwords to remember: those for banking and email. Now, there are passwords for social media, work, banking, phone, government security, and much more. Managing and remembering these passwords can be tricky – and even if they are ‘strong’ passwords, they can still easily be hacked and broken into. This is because passwords themselves are not unique and typically follow a pattern, which makes cracking them easy. By replacing passwords with other secure methods of access, companies can not only improve their security but also enhance efficiency and reduce their costs.
Removing passwords creates a more streamlined user process without compromising security. It also allows IT administrators to monitor and manage user profiles more effectively, saving time and money that would otherwise be spent updating accounts, devices, and networks with ever-changing passwords.
The Microsoft Plan
Microsoft has laid out a four-step plan for a future without passwords. This plan can help businesses not only understand how they can transition forward without passwords but also how they can utilise existing strategies to do so. The goal is to devalue passwords and replace them with something more effective; with strategies that make attacks more difficult but that also improve usability.
- Develop Password-Replacement Offerings: This involves finding alternatives for passwords that are secure and appropriate for a digital environment.
- Reduce the Password Surface Area: Microsoft is aiming to upgrade all elements associated with a user’s identity, including how they provision accounts, set up devices, and access networks – all without passwords.
- Encourage a Lack of Passwords: This is done by helping end users and IT administrators transition into a cybersecurity strategy that lacks passwords – and training them on how to reduce risk in this new environment.
- Eliminate Passwords: The final frontier of a passwordless climate is to remove them from identity directories.
Microsoft made a move to reduce and remove password use with Microsoft Hello, a biometric facial recognition solution introduced with Windows 10. Hello uses biometric sensors to identify users, based around fingerprints and face scanning. The Authenticator app also allows users to log into their Microsoft desktop accounts using their phone. FIDO came next, presenting an update for Hello that utilises security keys for more secure authentication.
Other ways to reduce and remove passwords include engaging with:
- Multifactor authentication
- Passwordless login processes
- Risk-Based Authentication
In the coming months and years, we will see a rise in passwordless security methods and the evolution of cybersecurity. This evolution can only be a good thing, especially for companies that are prepared to engage with Digital Transformation and make the most of a Future Workplace. Microsoft is already helping create a world where passwords are replaced with secure user credentials, reducing risk and improving end-to-end user experiences. With a more convenient, secure, and cost-effective future at hand, all business leaders should be looking into how passwords contribute to their long- and short-term security strategies.