Today Microsoft has taken the leap into moving towards a passwordless society. Used by over 83% of companies in the UK, the tech giant has now confirmed that Windows 10 is officially getting rid of passwords.
Starting this week, Microsoft is rolling out a preview build of Windows 10 to members of the Windows Insider Fast Ring that brings passwordless account sign-in right now. This is brilliant news, finally an organisation the size of Microsoft are now embracing the message that Veridium have held for years, that password free authentication is the future. Hopefully others
will follow suit. Veridium have worked tirelessly over the years to bring password free authentication to employees and consumers, we recognise that passwords are problematic to both users and businesses. Password management can be extremely expensive and is a weak link in IT and cyber security.
We have seen biometrics gain massive traction over the last couple of years, through fingerprint and facial recognition technology on both mobile phones and laptop devices, but in essence the biometric validation provides the system with a capability to “replay” your password. While users may experience what appears to be a password free environment using TouchID on their mobile phone, in essence their fingerprint is just allowing Apple to replay your PIN or password stored on the phone. While delivering convenience and arguably, improved security, the fact that the password still actually exists, leaves an attack vector open for malicious activity. Just because you use your fingerprint or face to login to your banking application doesn’t mean that a potential criminal couldn’t log on as you via the desktop site using your username and password.
While Microsoft embracing a genuinely password free environment for logging onto the Windows 10 desktop is exceptional news and will help improve user experience and heighten security – gaining access to the desktop is just the start of the process.
I’m certain Microsoft will create a password free capability for all of their applications, however it’s the hundreds of other non-Microsoft applications within the enterprise that require a password free approach to get to where we really should be in terms of security and ensuring we as users never have to click on the “forgot my password” link ever again.