Microsoft Inches Toward a World Without Passwords
Microsoft on Tuesday announced the general availability of its phone sign-in for customers with Microsoft accounts — a system that could be the beginning of the end for passwords.
The new system requires that customers add their accounts to the Microsoft Authenticator app, which comes in both iOS and Android versions, noted Alex Simons, director of program management of the Microsoft Identity Division.
After supplying a username, a member will get a mobile phone notification. Tapping “approve” on the app will authenticate the member’s information.
The new phone sign-in process is easier than two-factor authentication, according to Simons. 2FA requires users first to enter passwords, and then to enter a code delivered via text or email.
The new process is safer than password-only systems, which can be forgotten, stolen for use in a phishing scheme, or otherwise compromised, he said.
Microsoft Authenticator, introduced last summer, started out as a replacement for earlier authentication apps, both for enterprise use in Azure AD and consumer use in regular Microsoft accounts. The initial version allowed fingerprint authentication in place of passcodes, and offered support for wearables including Apple Watch and Samsung Gear.
Setting up Microsoft’s new phone-in system is easy. If customers already have Microsoft Authenticator for their personal accounts, they can select the dropdown button on the account tile and select “enable phone sign-in.”
Android users will be prompted to set up the authenticator. iPhones will set up the authenticator automatically. Users who don’t have a phone available can elect to access their accounts using a password.
Microsoft has not made the phone sign-in system available to Windows Phone users.
Windows Phone makes up less than 5 percent of the active Authenticator Apps user base, Simons noted, so the company has prioritized iOS and Android. When the system achieves success on those two platforms, Microsoft will consider making it ready for Windows Phone.
The idea of moving away from passwords has been around for years, in part due to their vulnerability to hacking.
Microsoft CEO Satya Nadella and Cloud Platform General Manager Julia White discussed the idea of moving away from passwords at the Government Cloud Forum in November 2015.
Microsoft then employed Windows 10 Password to give customers a smart card level of threat detection, using the card as the first level of protection, then Windows Hello for confirmation through biometrics, such as face recognition, iris scanning or fingerprints.
Source | technewsworld