Jump to content
  • Microsoft: Please ditch passwords completely


    Karlston

    • 766 views
    • 3 minutes
     Share


    • 766 views
    • 3 minutes

    Almost every year, Microsoft publishes a blog post emphasizing the need to ditch passwords completely and transitioning to modern forms of authentication such as password-less sign-in and multi-factor authentication (MFA). On World Password Day this year, the company has once again written a piece about this transition and encouraged customers to ditch passwords altogether.

     

    In a blog post, Microsoft's Corporate Vice President, Security, Compliance, Identity, and Management Vasu Jakkal writes that passwords are the most common attack surface for malicious actors and there are 921 attempts on them every second - this frequency has doubled since last year. Additionally, passwords are hard to remember and keep track of, especially if you're working in a heterogeneous environment.

     

    Last year, the Redmond tech giant rolled out the capability to remove passwords from your Microsoft Account and yesterday, it also partnered with Google and Apple through the FIDO Alliance and the World Wide Web Consortium to develop and support a common password-less standard.

     

    1651821456_64-647021_light-colour-backgr

     

    For now, Microsoft is encouraging customers to consider ditching passwords completely and instead using Windows Hello, security keys, and multi-factor and password-less authentication via the Microsoft Authenticator app.

     

    However, if you do intend to keep using passwords in the near future, Microsoft has recommended the use of Password Generator in Microsoft Edge as well as the following criteria for any new password you configure:

     

    • At least 12 characters long
    • A combination of uppercase and lowercase letters, numbers, and symbols
    • Not a word that can be found in a dictionary, or the name of a person, product, or organization
    • Completely different from your previous passwords
    • Changed immediately if you suspect it may have been compromised

     

    The third tip in the list above is rather interesting because last year, the UK government was actually encouraging people to use passwords that are a combination of three random, but real, words. Another interesting approach that Microsoft has recommended is that people should give off-topic answers to security questions to throw off attackers. For example, in a security question about your birthplace, you could answer with "Green". This ensures that even if an attacker has access to some of your basic info, they probably won't be able to answer your security questions. That said, the difficulty in this approach also relates to memorizing off-topic answers.

     

    Overall, Microsoft has still reiterated that password-less sign-in will soon become the norm so it's better to start adjusting to this new reality right now.

     

     

    Microsoft: Please ditch passwords completely


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...