Microsoft announced that users can now completely remove the password from their account and instead sign in through an application on a smartphone, biometric sensors on a Windows computer, notifications or a hardware token. According to the company, this will increase account security and protect users from phishing attacks.
The standard method for logging into Internet services requires the user to enter a login, indicating which account they want to access, and a password that confirms their identity. This scheme has long been considered outdated, and IT companies have been trying to move away from it in favor of other solutions for many years. The main problem with the traditional combination of username and password is that many people use very simple passwords and reuse them, and for several years in a row 123456 has remained the most popular password in the world. a fake version of the site where the user enters a password.
The most popular way to increase the security of accounts is two-factor authentication, in which the user, in addition to the password, needs to present one more confirmation of their identity, for example, enter a code from an SMS message or insert a hardware token into a computer. But in recent years, leading IT companies have begun to lean toward the idea that they should ditch passwords altogether. For example, two years ago Google began to offer passwordless sign-in using biometric data, Yandex offers to log into its accounts using a QR code, and Microsoft a few months ago began testing an option to remove the password on commercial accounts in favor of several other login options. Now, after successful testing, the company has allowed ordinary users to get rid of the password.
To disable the password, you need to install the Microsoft Authenticator application on your smartphone and log in to your account. Then you need to go to the “Advanced security settings” section and enable the “Account without password” function.
After deactivating the password, the login process becomes similar to signing in to a Google account: a notification is sent to your smartphone, in which you can confirm or reject the login. In addition, you can sign in with your fingerprint or face on Windows computers, with hardware tokens, and with email or phone notifications.
Even after giving up the password, the user can set a password again at any time and return to the old login scheme.
While passwords are still the standard method of logging into accounts, researchers are coming up with new ways to make them more secure without much effort. For example, in one study, researchers found that if users see their password compared to other people’s passwords, they tend to choose a more complex combination.