In 2022, Microsoft tracked 1,287 password attacks per second (more than 111 million per day). The attack method attackers favoured was phishing, which increased by 61% from 2021 to 2022. Microsoft recommends moving away from passwords as a credential strategy and advises users to adopt passwordless authentication.

Passwordless authentication is a verification method used to confirm a user's identity without using a password. Passwordless instead uses more secure techniques such as possession factors, biometrics, and magic links.

In this article, we will explore the types of passwordless authentication, the benefits, how to set up passwordless authentication on your Microsoft account, and methods to secure your account without going passwordless.

What are the types of Passwordless Authentication

There are a few ways that passwordless authentication can be achieved:

Possession factors: Also referred to as 'something you own'. They authenticate users through ownership of a device. For example, if you can receive and enter a one-time password, this should prove that you own the device associated with the account, a device to which you have exclusive access, thus proving your identity.

One-time password (OTP): A security code designed to be used for a single login attempt, to minimise the risk of fraudulent login attempts and maintain high security. It is a string of characters or numbers that is automatically generated and sent to the user's phone via SMS, voice, or push message. OTPs can also be received through email, although this is less secure. OTPs are usually time-limited, meaning they only work for a set amount of time. If that time passes without the password being entered, the OTP will no longer work and you will have to generate a new one.

Biometrics: Biometrics are any unique biological traits, such as fingerprints, voices, retinas, and facial features. Users are identified by their unique traits, which are hard for a hacker to fake: a fingerprint or iris cannot be faked as easily as a password or PIN can be guessed.

Magic links: Allow users to log into an account by clicking a link that is emailed to them, rather than inputting their username and password. Magic links can also be used for multi-factor authentication, adding an additional layer of security on top of passwordless authentication.

Benefits of Passwordless Authentication

Enhances user experience

Generating and memorising unique passwords can become unsustainable at a certain point. And if you forget a password, the process of resetting it is often clunky and tedious, which is why many people use simple, easy-to-remember passwords or reuse the same password over and over.

With passwordless authentication, users no longer have to create passwords or remember them by heart. Instead, they can use their biometrics, an OTP, or a magic link to log in, which is quicker than trying to remember a long, complicated password that you have to re-enter if you get it wrong.

Strong cybersecurity posture

Passwords alone are simply no longer a strong barrier against attackers. One thing we are all guilty of is reusing the same password across several different accounts and applications. This is a bad habit that you should avoid at all costs. If just one of these passwords was breached (via phishing), leaked (lists on the dark web), or stolen (through malware), there is a high chance that attackers will gain access to several accounts, accounts that may contain your data.

Passwordless authentication removes the need for passwords altogether, immediately giving users protection against two of the most prevalent types of attacks: phishing and password attacks. Learn more about how you can protect yourself from phishing attacks.
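The one-time password behaviour described above (single use, time-limited), sketched from the server's side as an added example; it is not code from the original article or from Microsoft. The OtpStore class, the 5-minute validity window and the 3-guess cap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window; the article gives no figure
MAX_ATTEMPTS = 3       # assumed cap on wrong guesses per issued code


class OtpStore:
    """In-memory one-time password store (illustrative only)."""

    def __init__(self, clock=time.time):
        self._clock = clock                  # injectable so expiry can be tested
        self._key = secrets.token_bytes(32)  # server-side key for the keyed hash
        self._pending = {}                   # user -> [digest, expires_at, attempts_left]

    def _mac(self, code):
        # Codes are stored as a keyed hash rather than in the clear.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded 6 digits
        # Issuing a new code replaces (and so invalidates) any earlier one.
        self._pending[user] = [self._mac(code),
                               self._clock() + OTP_TTL_SECONDS,
                               MAX_ATTEMPTS]
        return code  # in a real service this goes out by SMS, voice or push

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return "no-code"
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[user]          # time limit passed: new code needed
            return "expired"
        if hmac.compare_digest(digest, self._mac(submitted)):
            del self._pending[user]          # single use: a replay finds nothing
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[user]          # too many wrong guesses: code is burned
        return "wrong"


if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("alice")              # "alice" is a constructed sample user
    print(store.verify("alice", code), store.verify("alice", code))
```

A second verify with the same code returns "no-code", which is the single-use property; advancing the clock past the window returns "expired".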
How to set up Passwordless authentication for your Microsoft account

Before we set up passwordless for your Microsoft account, you will need to have a mobile device (Android or Apple), as there is currently no Microsoft Authenticator software for computer. For this demonstration, I have used an iPhone, but the steps will still work for Android users.

Step 1: Install Microsoft Authenticator

Navigate to your device's app store and search for Microsoft Authenticator. It should be the first result that appears. Install it. Once installed, open the Microsoft Authenticator app.

Step 2: Sign in to your Microsoft Account

Select the blue 'Add account' button. Select which type of account you have. You will then be asked to enter your login details. Once you have entered your login details, you will receive an 8-digit number code in your emails. Enter the code and select 'Verify'. If done correctly, you will be sent to the screen below. Press the 'Finish' button, and you will be sent back to the homepage with your account now showing at the top.

Step 3: Setting up passwordless for your Microsoft account

From the homepage, select the account you have just logged in to. You will be taken to the screen below. Click on 'Update security info'. You will be taken to a screen where you will need to scroll down until you reach the 'Additional security' section. Under 'Passwordless account', press 'Turn on'. You will be taken to a screen where you simply need to select 'Next'.

After that, you will receive a request for password removal. To find this request, you do not need to leave the Microsoft Authenticator app: select the 'Done' text in the top-left hand corner. You will be taken back to the home page. Next, select the 3-bar icon in the top-left hand corner. Select 'Check for notifications'. Select 'Approve'.

For me, the app asked for Touch ID; however, this can change depending on how new your device is, as newer iPhones do not have a home button. Whatever the app requests you to do, complete it. If you have followed these steps, a message should appear saying 'Approved'. Passwordless should now be set up on your device.

If you would like to remove passwordless, go back through the process of step 3.

How to secure your accounts without going passwordless

If you want to carry on using passwords, we have some recommendations that you may want to implement:
In conclusion, going passwordless with your accounts offers enhanced security and convenience. We can strengthen our accounts and lower the risk of data breaches by doing away with conventional passwords and implementing authentication techniques like biometrics, possession factors, and magic links. By supporting passwordless authentication with tools like Windows Hello and Microsoft Authenticator, Microsoft makes it easier for users to log in and gives them more control over their online identities. Passwordless practices help us keep ahead of cyber risks and are in line with the rapidly changing technological world. Explore the available options, make informed choices, and unlock the potential of a passwordless future.
Elite Help Ltd
Registered Address: 6 The Grove, Northop Hall, Mold, Flintshire CH7 6JX. Company Number: 4101974
T/A Elite PC Systems LTD
Trading Address: 20 Nicholas Street, Room 3, Chester, Cheshire CH1 2NX. Vat Number: 762987671