Microsoft wants you to ditch passwords for biometrics

CISO Bret Arsenault believes passwords aren't secure enough on their own

Microsoft has touted ambitions to move away from passwords and embrace biometric security for identification and authentication processes.

The company's chief information security officer Bret Arsenault told CNBC that online passwords should be eliminated as they do not adequately protect people, and biometrics should be used instead.

Arsenault noted that passwords on their own do not afford enough cyber security. Even the relatively simple and old technique of password spraying, whereby a hacker tries to access large numbers of accounts at once by firing commonly used passwords at them, can lead to organisations and online services getting hacked, as there's often no extra layer of security once a correct password has been inputted.
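
One way a defender can spot the spraying pattern described above in sign-in logs, given here as an added example that is not from the article or from Microsoft: it flags a source that fails against many distinct accounts with only a few tries each, and lists sign-ins from that source that succeeded and need review. The log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: "timestamp source-ip username result"
SAMPLE_LOG = """\
2019-05-01T09:00:00 203.0.113.7 alice FAIL
2019-05-01T09:00:20 203.0.113.7 bob FAIL
2019-05-01T09:00:40 203.0.113.7 carol FAIL
2019-05-01T09:01:00 203.0.113.7 dave FAIL
2019-05-01T09:01:20 203.0.113.7 erin OK
2019-05-01T09:02:00 198.51.100.9 alice FAIL
2019-05-01T09:02:05 198.51.100.9 alice FAIL
2019-05-01T09:02:10 198.51.100.9 alice FAIL
2019-05-01T09:02:15 198.51.100.9 alice FAIL
2019-05-01T09:02:20 198.51.100.9 alice OK
"""

def parse(log):
    """Yield (timestamp, source, user, result) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, user, result = line.split()
            yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=10),
                 min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts, few tries per account."""
    by_src = defaultdict(list)
    for ts, src, user, result in sorted(parse(log)):
        by_src[src].append((ts, user, result))
    findings = {}
    for src, evs in by_src.items():
        for i, (t0, _, _) in enumerate(evs):
            fails = defaultdict(int)          # failures per account in window
            for ts, user, result in evs[i:]:
                if ts - t0 > window:
                    break
                if result == "FAIL":
                    fails[user] += 1
            # Spray: wide (many accounts) and shallow (few guesses each).
            # One account guessed many times is brute force, not spray.
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                hits = sorted({u for _, u, r in evs[i:] if r == "OK"})
                findings[src] = {"targets": sorted(fails), "logins_to_review": hits}
                break
    return findings
```

The second source in the sample makes repeated guesses against a single account, so it is left to a per-account lockout rule rather than reported as a spray.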

"The reality is, we still see a lot of attempts of people trying to password spray. The best way to protect against the password spray is to just eliminate passwords," said Arsenault, who did acknowledge that password security can be bolstered with multi-factor authentication.


"And so the thing that we are seeing is lots and lots of people just focused on eliminating that whole vector."

Microsoft is practising what Arsenault is preaching, with 90% of its 135,000-strong workforce already able to log into the company's corporate network without passwords. Instead, the workers use biometric technology, such as facial recognition or fingerprint scanning, to authenticate themselves.

The company will also scrap its old password expiration policies in Windows 10 in favour of a system that purges expiring passwords deemed no longer secure, and it will effectively force its users to update their passwords every few months once the Windows 10 May 2019 update gets rolled out.

Such an anti-password stance is understandable given the increasing use of biometrics, from voice and image recognition to under-display fingerprint scanners in the latest Android smartphones.

However, there are still plenty of cases where biometrics can be duped and devices unlocked by people who shouldn't have such access. Recently, this was brought to the fore with the Nokia 9 PureView, which could be unlocked by pressing a packet of chewing gum against the phone's under-display scanner.

As such, there may be a need for biometric technology to evolve a little further before it can truly replace passwords, online or otherwise.
