Did you know that World Password Day was May 5? Did you celebrate by screaming at your computer when you couldn’t remember yet another password? Take heart! If you are sick of passwords, Microsoft is looking for frictionless ways to eliminate passwords entirely.
According to a recent interview with Microsoft’s Libby Brown, who is a senior product manager, Microsoft is looking into increased use of an individual’s mobile device as a “passkey,” leveraging the native gesturing and biometric technologies found in mobile devices today.
Wait. Does that mean my face is going to be my password for everything? If I’m sick of passwords, will I be able to replace them all with my thumbprint?
Those days may be coming, my friend.
In the interview, Libby says,
“Passwords have been in our systems now since the 1960s. It’s going to take us a little while to kill them off. But multidevice credentials, which some refer to as passkeys, really are that next thing that will enable us to do that.
Most of us have a mobile device in our hands for the better part of the day, and we’re working to take advantage of the native biometrics on that device, whether it’s touch ID or face ID, or the Windows Hello gesture that you might use on your PC.
We’re trying to use the native gesture on that device that everyone is familiar with, backed by this modern use of public-key cryptography, to keep you secure.
Then I can use my phone as a passkey to sign in on my phone or to another device such as my Windows PC, or the Mac at my mom’s house, and it’s just seamless and ubiquitous. And when you think about the companies that have been involved—whether that’s Microsoft, Apple, Google—we’ve been in this from the very beginning and now we’re looking at more than six billion devices being able to use these standards-based multidevice credentials. When you look at those numbers and that scope and scale, it’s just pretty mind-boggling how we can transform in the next few years.”
Good News for People Who Are Sick of Passwords
This is good news because we know that people simply don’t want to create unique passwords for each and every application, system, platform, etc. This innovation is equally damning for cybercriminals, because their malicious campaigns would be unsuccessful without access to both an endpoint and the user’s mobile device.
Microsoft’s goal is to create a frictionless way to transition to a world without passwords.
That is a fabulous goal. But, let’s get back to reality for a moment.
Are Your Law Firm’s Passwords Safe? Free Test from KnowBe4
Until this passwordless nirvana arrives, we still need to be proactive about password security. (In other words, we will all be sick of passwords for a little bit longer.)
Do you know if your employees’ passwords are strong? KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.
Here’s how it works:
- Just download the install and run it.
- Results in a few minutes!
- Tests against 10 types of weak password related threats
- Report shows the accounts that are affected.
- Does not show/report on the actual passwords of accounts.
If you’d like to run this free KnowBe4 test at your firm, just drop me an email and we’ll get you set up! Doug@SavvyTraining.com