Microsoft starts transition to passwordless login

Dan Liles


Microsoft is pushing users to remove the password from their account in order to make it more secure. The passwordless sign-in works through the Microsoft Authenticator app. Microsoft's claim is that it makes your account more secure because many people still use weak passwords, despite the advice of security experts.

Passwords are effective and secure if used correctly, but many people choose convenience over security. Insecure passwords can still pass many websites' complexity filters because they contain a mix of symbols, numbers and letters. However, many people use the same formula to create passwords across websites, or even reuse the same password across websites.

If there were a data breach and this password got out onto the wider internet, an attacker could simply log in to your other accounts with it, and the service would see nothing different from you making the attempt. If the account did not have 2 Factor Authentication, the attacker would have full access to it. This is why, most of the time, users are the weakest link in security and the target cyberattackers pick when trying to gain access to accounts.

Accounts without 2 Factor Authentication are simply not secure enough in 2021. As more and more services require accounts, it becomes harder not to fall into the trap of reusing passwords.

Microsoft aims to tackle this issue by removing passwords altogether. They have done this by requiring the Microsoft Authenticator app to be installed on the account holder's smartphone. When signing in this way, a biometric unlock on the phone (fingerprint or facial recognition) is required, so an attacker who has obtained your password from a breach cannot complete the sign-in without your phone and your biometric.

Recovery options are available if access to the Authenticator app is lost, for example through a lost or damaged smartphone: either a recovery SMS or a physical security key. Microsoft advises security-conscious users to set up two different recovery methods to ensure that they are not locked out of their accounts.

Microsoft's implementation of this service has left many users confused by potentially misleading messages. When enabling it, a pop-up appears informing you that 'you have increased the security of your account and improved your sign-in experience by removing your password'. This message can be confusing, because passwords have always been presented as best practice and the most secure option. Whilst a password is better than nothing, sign-in methods built on 2FA and on a device you hold are becoming not only more convenient but also more secure: the secret that proves it is you never leaves your phone, so there is nothing reusable for an attacker to steal from a breach and replay.
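The difference between the two paragraphs above (a leaked password is replayable anywhere it was reused; a device-bound sign-in is not) is easier to see in code. The following is an added example written for this article, not Microsoft's code and not a description of the Authenticator protocol. It assumes a simplified model: the phone holds a private key that the biometric unlocks (the biometric check itself is not modelled), the service stores only the matching public key, and each sign-in is the phone signing a fresh random challenge. The sample password is constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Constructed sample data: a weak password the user reused on another site,
// which has now leaked in that site's breach.
const reusedPassword = "Summer2021!"

// passwordRecord is what a password-based service stores: a salted hash.
// A real service would use a slow hash such as bcrypt or Argon2; SHA-256 is
// used here only because it is in the standard library.
type passwordRecord struct {
	salt []byte
	hash []byte
}

func hashPassword(salt []byte, pw string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(pw))
	return h.Sum(nil)
}

func registerPassword(pw string) passwordRecord {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return passwordRecord{salt: salt, hash: hashPassword(salt, pw)}
}

// loginWithPassword succeeds for anyone who knows the password, whether that
// is the account owner or an attacker replaying it from another site's breach.
func loginWithPassword(rec passwordRecord, pw string) bool {
	return subtle.ConstantTimeCompare(rec.hash, hashPassword(rec.salt, pw)) == 1
}

// passwordlessRecord is what the service stores in the device-bound model:
// only the phone's public key, which is useless to an attacker on its own.
type passwordlessRecord struct {
	devicePub ed25519.PublicKey
}

// device stands in for the phone. In the assumed model the private key is
// only released for signing after the local biometric check (not modelled).
type device struct {
	priv ed25519.PrivateKey
}

func registerDevice() (device, passwordlessRecord) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return device{priv: priv}, passwordlessRecord{devicePub: pub}
}

// newChallenge returns a fresh random nonce for one sign-in attempt, so a
// response captured from one attempt cannot be replayed in another.
func newChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

func (d device) respond(challenge []byte) []byte {
	return ed25519.Sign(d.priv, challenge)
}

func loginPasswordless(rec passwordlessRecord, challenge, response []byte) bool {
	return ed25519.Verify(rec.devicePub, challenge, response)
}

// Scenario 1: the attacker knows the reused password from a breach. True.
func attackerReplaysLeakedPassword() bool {
	rec := registerPassword(reusedPassword)
	return loginWithPassword(rec, reusedPassword)
}

// Scenario 2: the real phone answers the challenge. True.
func userWithDevice() bool {
	dev, rec := registerDevice()
	ch := newChallenge()
	return loginPasswordless(rec, ch, dev.respond(ch))
}

// Scenario 3: the attacker has the password and even a copy of the service's
// record (the public key), but not the phone, so signs with a key of their own. False.
func attackerWithoutDevice() bool {
	_, rec := registerDevice()
	attackerDev, _ := registerDevice()
	ch := newChallenge()
	return loginPasswordless(rec, ch, attackerDev.respond(ch))
}

// Scenario 4: the attacker captured a genuine response and replays it against
// a later challenge. False, because the nonce differs.
func replayOldResponse() bool {
	dev, rec := registerDevice()
	oldResp := dev.respond(newChallenge())
	return loginPasswordless(rec, newChallenge(), oldResp)
}

func main() {
	fmt.Println("leaked password logs in:        ", attackerReplaysLeakedPassword())
	fmt.Println("real phone logs in:             ", userWithDevice())
	fmt.Println("attacker without phone logs in: ", attackerWithoutDevice())
	fmt.Println("replayed old response logs in:  ", replayOldResponse())
}
```

The point of scenario 3 is the one the pop-up message is getting at: with a password, a breach of any site where it was reused is enough to sign in; with a device-bound credential, the service never holds anything that lets an attacker sign in, and losing the phone is handled by the recovery options rather than by a reusable secret.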

We recommend enabling 2 Factor Authentication on all your accounts and making any password you do need to use unique and strong.

Cyber Wise

