[TheRecord] Microsoft to let users completely remove account passwords and go passwordless

Microsoft announced today that it intends to let users remove the passwords from their Microsoft accounts and go passwordless.

In a change that will be rolled out in the coming weeks, Microsoft said that users would be able to remove the password from their consumer account and choose an alternative authentication option instead, such as:

- security keys;
- verification codes sent via email or SMS;
- the Windows Hello biometrics system;
- or the Microsoft Authenticator mobile app.

Today’s news comes after Microsoft piloted this new setup earlier this year, in March 2021, when it allowed Azure enterprise users to ditch passwords for safer alternatives.

Prior to its deployment in March and today, the feature had been widely requested by Microsoft’s enterprise customers.

System administrators and security engineers previously asked for a way to secure accounts against brute-force password-guessing attacks, which have been common after hackers dumped billions of user credentials on the public internet over the past decade.

In a blog post today announcing the move, Vasu Jakkal, Corporate Vice President for Microsoft Security, Compliance, Identity, and Management, said Microsoft is currently seeing a whopping 579 password attacks every second, amounting to 18 billion every year.

Jakkal blamed the situation on today’s authentication conundrum, where users struggle to remember account passwords and typically choose to reuse the same password for multiple accounts or use simple passwords, which are easy for attackers to guess.

“One of our recent surveys found that 15% of people use their pets’ names for password inspiration,” Jakkal said.

“Other common answers included family names and important dates like birthdays. One in 10 people admitted reusing passwords across sites, and 40% say they’ve used a formula for their passwords, like Fall2021, which eventually becomes Winter2021 or Spring2022,” he added.

Microsoft’s findings aren’t unique, and several other similar studies have found that users, in general, are pretty bad at choosing passwords, with the most common password found in public data breaches being “123456” for each of the last six years [12].

The post Microsoft to let users completely remove account passwords and go passwordless appeared first on The Record by Recorded Future.
