No password for Microsoft Account: What does passwordless authentication mean?

Be it signing into a social media account, mobile banking, or our workplace, all our online accounts require a username and password. And creating a new, different password for every account is turning out to be a challenge -- a reason, most of us end up reusing passwords across accounts. According to a Ponemon Institute study, people reuse an average of five total passwords, both business and personal. This means a single compromised password can create a chain reaction of liability. As passwords are one of the weakest links, technology giants like Microsoft are moving towards eliminating passwords altogether.
 
For instance, 90 per cent of Microsoft employees globally sign into corporate systems, resources, and applications sans a password, which has helped Microsoft become less of a target for attackers. After announcing the availability of passwordless sign in for commercial users, Microsoft has now extended this to consumers too by allowing them to completely remove the password from their Microsoft account. While this feature will be rolled out over the coming weeks, here’s what passwordless uthentication actually means.
 
Passwordless authentication is a form of multi-factor authentication that replaces the password with a secure alternative. It is a technology that verifies a user account using a combination of more secure authentication factors such as a fingerprint, PIN, device specifications or its location, and digital tokens, among others. This type of authentication requires two or more verification factors to sign in that are secured with a cryptographic key pair. The device creates a public and private key when registered. The private key can only be unlocked using a local gesture such as a biometric or PIN. Users have the option to either sign in directly via biometric recognition -- such as fingerprint scan, facial recognition, or iris scan -- or with a PIN that’s locked and secured on the device.
 
“Passwordless authentication methods are more convenient because there's no password to remember, and they're compatible across most devices and systems. Plus, they're virtually impervious to phishing. Passwordless authentication is a form of multi-factor authentication (MFA) that replaces passwords with two or more verification factors secured and encrypted on a user’s device. The credentials never leave the device, eliminating the risk of phishing,” explains Irina Ghose, Executive Director, Cloud Solutions, Microsoft India.
 
For consumers to completely remove passwords from their Microsoft accounts, they will have to use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to their phone or email to sign in to apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more.

Also read: Microsoft rolls out talent programme to empower Indian youth with tech skills
Also read: Infosys, Microsoft to drive strategic cloud transformation in Australia