Microsoft is making Windows 10 passwordless

[Karlston]

Microsoft is making Windows 10 passwordless

It’s part of a bigger push to get rid of passwords

Photo by Amelia Holowaty Krales / The Verge

Microsoft is planning to make Windows 10 PCs work without passwords. While the company has been working on removing passwords from Windows 10 and its Microsoft Accounts for a number of months now, the next major update to Windows 10 next year will go one step further. You’ll soon be able to enable a passwordless sign-in for Microsoft accounts on a Windows 10 device. This means PCs will use Windows Hello face authentication, fingerprints, or a PIN code. The password option will simply disappear from the login screen, if you decide to opt in to this new “make your device passwordless” feature.

 

So why does Microsoft want people to stop using passwords to log into Windows 10 PCs? It’s really simple: passwords suck. People love to reuse them across every website and on their personal devices, and although we have a number of two-factor authentication methods available, it’s still difficult to convince people to use them.

Microsoft argues that a PIN code is far more secure than a password, even if it seems more simple to use a four-digit code. This is thanks to unknown variables and the fact that the code is stored on a device and not shared online. Windows 10 stores your private key on a device with a Trusted Platform Module (TPM), which is a secure chip that keeps a PIN local to your device only. Servers can be compromised and passwords stolen, but a Windows Hello PIN wouldn’t be affected.

 

Microsoft has been slowly trying to convince Windows 10 users to opt into two-factor authentication processes like basic SMS, a separate Microsoft Authenticator app, Windows Hello, or even physical security keys with the FIDO2 standard. With the latest Windows 10 May 2019 Update, you can even set up and sign into a Windows 10 PC with just a phone number on a Microsoft Account.

 

Microsoft is now planning to allow people to remove the password option entirely from the Windows 10 login screen. This will also extend to business users through Azure Active Directory, allowing businesses to go fully passwordless with security keys, the authenticator app, or Windows Hello.

 

It’s all another step toward a future where hopefully we don’t have to worry about remembering complex passwords, having a password manager, or avoiding reusing passwords. If Microsoft, Apple, and Google have their way then we’ll be using our eyes, fingers, or physical keys that we posses to get into our accounts and devices instead of passwords.

 

Update, July 11th 12:40PM: Article updated with more information about passwordless for business users.

 

 

 

Source: Microsoft is making Windows 10 passwordless (The Verge)

[mp68terr]

17 minutes ago, Karlston said:

...the code is stored on a device and not shared online. Windows 10 stores your private key on a device with a Trusted Platform Module (TPM), which is a secure chip that keeps a PIN local to your device only. Servers can be compromised and passwords stolen, but a Windows Hello PIN wouldn’t be affected.

 

Then why not applying this technology to passwords too?

 

Good comment when one follows the link to PIN more secure than a password:

Quote

Joe Dreyfus
Microsoft's pin can contain letters too--all of the characters a password can, so it's not a Personal Identification Number. It's a password. The entropy is the same. The difference is just that they are doing different things with it than they were before--namely using it with a TPM. Even the idea of not transmitting it to a server is not new--that's just how passwords worked before internet accounts (and even long after that). Calling it a pin instead of a password appears to be a marketing gimmic.