Microsoft wants you to ditch passwords for biometrics

CISO Bret Arsenault believes passwords aren't secure enough on their own

Microsoft has touted ambitions to move away from passwords and embrace biometric security for identification and authentication processes.

The company's chief information security officer Bret Arsenault told CNBC that online passwords should be eliminated as they do not adequately protect people, and biometrics should be used instead.

Arsenault noted that passwords on their own do not afford enough cyber security. Even the relatively simple and old technique of password spraying, whereby a hacker tries to access large numbers of accounts at once by firing commonly used passwords at them, can lead to organisations and online services getting hacked, as there's often no extra layer of security once a correct password has been inputted.

"The reality is, we still see a lot of attempts of people trying to password spray. The best way to protect against the password spray is to just eliminate passwords," said Arsenault, who did acknowledge that password security can be bolstered with multi-factor authentication.

"And so the thing that we are seeing is lots and lots of people just focused on eliminating that whole vector."
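For defenders who still run password logins, the spray pattern described above has a recognisable shape in authentication logs: one source failing against many accounts with only a guess or two at each. The following is an added example, not code from Microsoft or the article; the log format, the thresholds and the sample lines (which use documentation IP ranges) are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): time, result, source IP, account
SAMPLE_LOG = """\
2020-01-22T10:00:01 FAIL 203.0.113.7 alice
2020-01-22T10:00:03 FAIL 203.0.113.7 bob
2020-01-22T10:00:05 FAIL 203.0.113.7 carol
2020-01-22T10:00:07 FAIL 203.0.113.7 dave
2020-01-22T10:00:09 OK 203.0.113.7 erin
2020-01-22T10:01:00 FAIL 198.51.100.20 frank
2020-01-22T10:01:10 FAIL 198.51.100.20 frank
2020-01-22T10:01:20 FAIL 198.51.100.20 frank
2020-01-22T10:01:30 FAIL 198.51.100.20 frank
2020-01-22T10:01:40 OK 198.51.100.20 frank
"""

def parse(log):
    for line in log.splitlines():
        ts, result, src, user = line.split()
        yield datetime.fromisoformat(ts), result, src, user

def detect_spray(log, window=timedelta(minutes=5), min_accounts=4, max_per_account=2):
    """Map each spray-like source to the accounts it tried and any logins to review."""
    by_src = defaultdict(list)
    for ev in parse(log):
        by_src[ev[2]].append(ev)
    findings = {}
    for src, events in by_src.items():
        events.sort()
        fails = [(t, u) for t, r, _, u in events if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for t, u in fails[i:]:
                if t - start > window:
                    break
                per_user[u] += 1
            # Spray shape: many accounts, only a few guesses at each one.
            # A user mistyping their own password hits one account many times.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                end = start + window
                # A success from the same source in the window needs review,
                # since nothing else stands behind a correct password.
                ok = sorted({u for t, r, _, u in events if r == "OK" and start <= t <= end})
                findings[src] = {"accounts": sorted(per_user), "successes": ok}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

Accounts listed under `successes` are the ones to reset and investigate first, and are where multi-factor authentication would have stopped the login.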

Microsoft is practising what Arsenault is preaching, with 90% of its 135,000-strong workforce already able to log into the company's corporate network without passwords. Instead, the workers use biometric technology, such as facial recognition or fingerprint scanning, to authenticate themselves.

The company will also scrap its old password expiration policies in Windows 10 in favour of a system that purges expiring passwords deemed no longer secure, and it will effectively force its users to update their passwords every few months once the Windows 10 May 2019 Update gets rolled out.

Such an anti-password stance is understandable given the increasing use of biometrics, from voice and image recognition to under-display fingerprint scanners in the latest Android smartphones.

However, there are still plenty of cases where biometrics can be duped and devices unlocked by people who shouldn't have such access. Recently, this was brought to the fore with the Nokia 9 PureView, which could be unlocked by pressing a packet of chewing gum against the phone's under-display scanner.

As such, there may be a need for biometric technology to evolve a little further before it can truly replace passwords, online or otherwise.
