Microsoft marks today’s World Password Day by touting its progress in making fallible logon technology obsolete. In the past six months, the number of people who use Microsoft service but have dumped logon passwords has risen by half to 150 million.
What’s the alternative to traditional usernames and passwords? Microsoft now offers three no-password logon options for its online services on Windows machines: a hardware security key combined with Windows Hello face recognition technology or fingerprint ID; a hardware key combined with a PIN code; or a phone running the Microsoft Authenticator app.
Most of the people who dumped passwords are among the 800 million consumers using Microsoft consumer services like Outlook.com and Skype, but a chunk of the billion people at businesses using Microsoft logon technology have also dropped the insecure practice of memorizing strings of letters, digits and special characters, says Joy Chik, Microsoft’s corporate vice president for identity technology.
“It’s both secure and has the best experience,” she said of the reasons for moving to a passwordless authentication. Among Microsoft’s 150,000 or so employees, 90% have dumped passwords for their own authentication, she added.
World Password Day, observed on Thursday, is often used to prod us into better password security practices. But with post-password technology now maturing, we have a chance to leave behind a computer authentication technology that’s actually become a weak link in security.
There are plenty of password problems. Because we reuse passwords, hackers can often crack into multiple sites if they grab the credentials to one. A good password from the perspective of computer security — long, unique and unguessable — happens to be the hardest for humans to memorize and type. Password managers can help us cope with passwords to dozens or hundreds of online services in our lives, but they’re complex.
Microsoft and allies like security key maker Yubico are banging the post-password drum. It’s advice you’ll hear from consulting firms like Gartner, too.