[TheRecord] Microsoft to let users completely remove account passwords and go passwordless

Microsoft announced today that it intends to let users remove the passwords from their Microsoft accounts and go passwordless.

In a change that will be rolled out in the coming weeks, Microsoft said that users would be able to remove the password from their consumer account and choose an alternative authentication option instead, such as:

- security keys;
- verification codes sent via email or SMS;
- the Windows Hello biometrics system;
- or the Microsoft Authenticator mobile app.

Today’s news comes after Microsoft piloted this new setup earlier this year, in March 2021, when it allowed Azure enterprise users to ditch passwords for safer alternatives.

Prior to its deployment in March and today, the feature had been widely requested by Microsoft’s enterprise customers.

System administrators and security engineers previously asked for a way to secure accounts against brute-force password-guessing attacks, which have been common after hackers dumped billions of user credentials on the public internet over the past decade.

In a blog post today announcing the move, Vasu Jakkal, Corporate Vice President for Microsoft Security, Compliance, Identity, and Management, said Microsoft is currently seeing a whopping 579 password attacks every second, amounting to 18 billion every year.

Jakkal blamed the situation on today’s authentication conundrum, where users struggle to remember account passwords and typically choose to reuse the same password for multiple accounts or use simple passwords — which are easy for attackers to guess.

“One of our recent surveys found that 15% of people use their pets’ names for password inspiration,” Jakkal said.

“Other common answers included family names and important dates like birthdays. One in 10 people admitted reusing passwords across sites, and 40% say they’ve used a formula for their passwords, like Fall2021, which eventually becomes Winter2021 or Spring2022,” he added.

Microsoft’s findings aren’t unique. Several similar studies have found that users, in general, are pretty bad at choosing passwords, with the most common password found in public data breaches being “123456” for each of the last six years [12].

The post Microsoft to let users completely remove account passwords and go passwordless appeared first on The Record by Recorded Future.
