Usernames and passwords are an integral part of the computing world. They are the easiest and most common way to confirm a user’s identity and determine whether access to a given resource can be granted. Passwords have been used for centuries. They are here for good, and not even Microsoft’s noble move to get rid of them is going to change that.
Microsoft’s passwordless login
Recently, Microsoft made an important change to Microsoft accounts, which will be required on Windows 11: you can now log in to your account without using a password. Previously, you could use other forms of authentication only for 2-factor authentication and still needed to enter a password.
Now you just need two forms of authentication/verification to log in. These can be in the form of the Microsoft Authenticator app which you can install on your phone/tablet, Windows Hello/fingerprint/biometric identification, a security key or SMS/email verification code. The Microsoft Authenticator app is required. You can combine it with any other form of verification including SMS/Email authentication.
To start using Microsoft’s passwordless logins you need to follow these steps:
- Install the authenticator app on your Android or iOS phone
- Log into the app using your Microsoft account, with your username and password (😂😂😂😂 told you passwords are here for good, didn’t I?). If you don’t have a Microsoft account you will need to create one. There you will also have to enter a username and password.
- Once you are logged into the app, go to Advanced Security Options
- Click Turn On in the Passwordless Account box
- Next, follow the prompts and then approve the confirmation request, which is sent to the phone with the app
That’s all there is to it. You can now log in to your Microsoft account without a password.
Passwords are here for good
As I pointed out, in a rather sarcastic way above, you will still need passwords in order to get by in the computing world. You will need one in order for you to be able to set up passwordless authentication for example. There are also devices and services that will still ask for a username and password and for these Microsoft allows you to set up an app-specific password.
The stated reason for this changeover is that passwords remain one of the easiest ways for hackers and bad actors to get unauthorised access to your system. This is because we as humans are not wired to remember complex passwords like tqXQ42@NCoL5eT&F#wS9iAvQgpWq; instead, we use our pets' names and years that are important to us. Such passwords are easy to guess.
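To make the paragraph above concrete, here is an added example (not part of the original post) of a sign-up-time check that rejects passwords built only from words tied to the user plus a year. It goes slightly beyond the text by also undoing common character substitutions; the function name, the substitution table and the sample words are assumptions made for illustration.

```python
import re

# Substitutions people commonly apply to a word they can remember.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
YEAR = re.compile(r"(?:19|20)\d{2}")  # four-digit years, 1900-2099


def _letters(text):
    """Lower-case, undo substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def guessable_reason(password, personal_words):
    """Return a short reason if password is built only from personal_words
    (optionally plus years, digits or symbols); otherwise return None."""
    # Longest first, so a long word is consumed before a shorter one inside it.
    words = sorted({w.lower() for w in personal_words if len(w) >= 3},
                   key=len, reverse=True)
    has_year = bool(YEAR.search(password))
    without_year = YEAR.sub("", password)
    # Two readings: digits are substitutions, or trailing digits/symbols
    # are just a suffix such as "15!".
    for candidate in (without_year, re.sub(r"[^A-Za-z]+$", "", without_year)):
        core = _letters(candidate)
        used = []
        for word in words:
            if word in core:
                used.append(word)
                core = core.replace(word, "")
        if used and not core:
            return "personal word + year" if has_year else "personal word"
    return None


if __name__ == "__main__":
    pet_names = ["Bella", "Rex"]  # constructed sample data
    samples = ["Bella2015", "r3x!1999", "bella15!",
               "tqXQ42@NCoL5eT&F#wS9iAvQgpWq"]
    for pw in samples:
        print(pw, "->", guessable_reason(pw, pet_names))
```

A check like this only catches passwords derived from words the service already knows about the user; it complements, rather than replaces, a breached-password blocklist.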
Personally, I am not convinced this whole passwordless thing is the way to go. Someone who is dumb enough to use their pet name as a password is certainly dumb enough to click on a phishing link, give away their personal information to a Nigerian Prince, not update their antivirus and install cracked software. Giving them passwordless authentication is not going to make them any safer.
Besides, biometric authentication is not always the best form of authentication. Your fingerprint can be forcefully used to unlock your phone or laptop. We have seen repressive police forces do this. Of course, they can always beat the password out of you but with any luck, you can actually make it harder for them. Windows Hello is a joke: they just need to put you in front of your computer for it to unlock and spill its juicy secrets. With some crappy Chinese devices, even a photo of you will work too.
For all their flaws, passwords, especially when done right, are still the easiest, most acceptable way to secure your accounts/systems. They are no less secure than other methods of authentication. In fact, I think for the most part they are superior.