Tech Gaming Report

Latest Tech & Gaming News

Nobody wants passwords.  Microsoft has implemented an authentication that a hacker cannot guess

Nobody wants passwords. Microsoft has implemented an authentication that a hacker cannot guess

123456, password or 1q2w3e. These are some of the most common passwords. It goes without saying that these passwords are weak and easy to guess. Therefore, online services often require a more complex password. They enforce it in several ways: the presence of capital letters, special characters, or, for example, a mandatory password change every three months.

But even that doesn’t usually lead to better passwords. You just give people wrinkles, they type the password somewhere or they will use a favorite password over and over with slight changes. And then when some service leaks the credentials database, which is juice quite often, hackers do it safely. If you repeatedly use the same or similar password, attackers will log into it without any major problems.

Microsoft: Try it without password

A good solution is so-called two-step authentication. The first step is to log in with an email and password. In the second step, you will use another device to verify that it is really you.

It can be a verification SMS, a code in the application or a special USB key. Experts advise enable two-step authentication whenever possible. Fortunately, it is enabled by almost every major service, including Facebook, Gmail, Seznam, or Microsoft.

However, it is Microsoft that has now taken two-step authentication even further. It offers to “skip” the first step, the password, and relies entirely on other methods to authenticate the user. That is, if you configure this option.

Upon Blog Microsoft Security was introduced by Vasu Jakkalová, Vice President of Security and Identity.

“Nobody likes passwords. They are cumbersome and easy targets for attackers. But for a long time, passwords have been the most important security of everything in our digital life. We are expected to create complex and unique passwords, remember them. and let’s change them frequently. But nobody likes that. “

Microsoft in the past permitted login without passwords for corporate clients. Now offer this opportunity to everyone. “You can now completely remove your password from your Microsoft account.”

How does it work

In essence, Microsoft took the existing two-step authentication option and skipped the password from step one. The user first enters the name and is then asked to verify their identity. The main authentication method is Microsoft Authenticator (available for free for Android I ios).

You can find the options in your account settings in the Security – Additional security section.

After entering your username, you will be asked to authenticate with a mobile phone which, of course, is locked with a code or other mechanism. “Only you can provide fingerprint authentication or provide the correct answer on your mobile phone at the right time,” Microsoft said in a press release.

To increase security, the login dialog will sometimes display a two-digit number. When you confirm on your phone, you select which number is displayed, which verifies that you have both devices in sight.

Remove the password completely?

If access to the authentication application is lost, for example if the phone on which it is installed is lost or stolen, you can use the backup options. These include Windows Hello facial recognition, a physical security key, or an SMS or email code login.

Ask for a username if you have an active two-step login.

At first glance, it might seem that bypassing the password will necessarily reduce the security of the account. And from a certain point of view, it is true, there is a “secret” that a hacker needs to know to access your account.

But Joy Chik, another vice president of Microsoft, Explainthat the password should be viewed as a security vulnerability. Any authentication that uses passwords is vulnerable to attacks that use the knowledge of those passwords.

Therefore, Microsoft recommends that you completely remove the password after enabling double authentication. But when I tried it on my account, for some reason it didn’t work. In either case, you can enjoy most of the benefits of passwordless login by enabling two-step authentication. It is no longer necessary to enter a password.

Alan Woodward, a professor at the University of Surrey, who is a member of the passwordless authentication research team, BBC Microsoft’s decision as a relatively “bold” step.

He noted that it’s not just about logging into personal computers, but also about internet services, including important ones like cloud storage. However, Woodward agrees that some change is needed in the current situation.

“We keep telling people how strong passwords look and how they are handled correctly. But it’s easy to say and hard to follow. Passwords are a decades-old concept and it may be time to start looking for another way. good that everyone started looking for a way to achieve it. “

See also  Philips Hue smart bulb loses Works with Nest integration on November 17th