Microsoft wants you to forget your passwords

Push notifications replace passwords with Microsoft Authenticator

Microsoft has released a feature allowing users to sign into their Redmond apps using a push notification, removing the need to remember a password.

Users of the Microsoft Authenticator app on Android and iOS can enable 'phone sign-in' through a drop-down box on the settings tile to replace the password field for existing Redmond accounts. First-time users will be automatically prompted to set up the new feature when adding a new account to a device.

When they next access that Microsoft account, for instance through the Office 365 app, they only need to enter their username. Once entered, the Authenticator app will ping a notification requiring the user to tap 'Approve'.

"This process is easier than standard two-step verification and significantly more secure than only a password, which can be forgotten, phished, or compromised," said Alex Simons, partner director of program management at Microsoft's identity division.

The sign-in process using Microsoft Authenticator

The system also makes use of the existing security built into mobile devices, such as PIN screens and fingerprint scanners, effectively creating multi-step security without the need for passwords made up of upper and lower case letters or numbers.

Having already been released to a small number of beta users, the app is now generally available to all Android and iOS users.

Somewhat ironically, Microsoft Authenticator is currently not available on Windows Phone, and it is unclear whether the feature will ever make it to the platform. Microsoft has stated that, given less than 5% of active users of authenticator apps are using Windows Phone, it will only consider adding support when the new sign-in feature becomes a "big success on those high scale platforms" - what it deems a 'big success' remains to be seen.

The new sign-in feature comes after a number of high profile security breaches were blamed on password reuse - the natural tendency for users to memorise a small number of regularly used passwords. The danger is that smaller data leaks of email addresses and associated passwords from one website could be used in much larger cyber attacks.

Following the breach of Dropbox in 2012, which exposed more than 60 million accounts, it was found hackers were able to make use of an employee password that was stolen during a similar breach of LinkedIn's network.

Microsoft has set up a forum for those needing support with the app or who wish to submit feedback.

Picture courtesy of Microsoft
