We live in a world where an astounding 250 million corporate accounts are hacked every month. Earlier, Microsoft revealed that as many as 99% of these did not have multi-factor authentication, underlining the company’s current focus on password replacement technology.
In fact, with 150 million users already using password-less methods each month, there is every indication that this is a customer-led transition. And Microsoft has been quick to pivot and evolve. It recently outlined its four-phased strategy to build a password-less world. Let’s look at how Microsoft is leading the shift in the market and what businesses can do to keep pace with these new developments.
“Over the last few years, various passwordless authentication methods have started gaining momentum. For example, authentication methods like two-factor authentication (2FA) and One-time-password (OTP) authentication see massive adoption. In 2FA, in particular, an additional authentication layer is offered besides regular passwords”, said TheWindowsClub.
Deploying new password replacement offerings
With Windows Hello for Business and the Microsoft Authenticator app, Microsoft has turned the spotlight on password replacement technology. In Windows Hello for Business, user authentication is enabled through a password and multi-factor authentication (MFA), including bio-gestures. Here, Windows Hello PINs replace passwords. In fact, as Microsoft proudly announces, “You are the password”. The focus is on a more human way to authenticate users, while combining an enhanced consumer experience with elevated enterprise security. Alongside this, the Microsoft Authenticator is making password-less authentication a reality.
With the consumer’s phone and app on it acting as an authentication mechanism, the Microsoft Authenticator leverages the same strong authentication technologies behind Windows Hello for Business. But the most exciting development comes from Fast IDentity Online 2.0 (FIDO2), which is an industry alliance for an interoperable authentication standard. It is based on public key cryptography, while biometrics and keys never leave a user’s device. It is expected to work with the same devices people use every day, while effectively protecting them against phishing, man-in-the-middle and replay attacks. Most importantly, it promises a common standard that will operate seamlessly across devices, software, and ecosystems.
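The properties described above (a private key that stays on the device, and resistance to phishing, man-in-the-middle and replay) come from signing a fresh server challenge together with the origin the browser sees. The following is an added example, not code from Microsoft or the FIDO Alliance, and it is a simplified model rather than the real WebAuthn message format; the function names and the `.test` origins are assumptions made for illustration.

```javascript
// Added example: simplified FIDO2-style challenge-response (not the WebAuthn wire format).
const crypto = require("node:crypto");

// Authenticator side: the key pair is created on the device; only the public half is shared.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKey,
    // Sign the challenge together with the origin the browser is actually talking to.
    sign(challenge, origin) {
      const clientData = JSON.stringify({ challenge, origin });
      const signature = crypto.sign("sha256", Buffer.from(clientData), privateKey);
      return { clientData, signature };
    },
  };
}

// Relying-party side: holds the registered public key and the outstanding challenges.
function createRelyingParty(expectedOrigin, publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const challenge = crypto.randomBytes(32).toString("hex");
      pending.add(challenge);
      return challenge;
    },
    verify({ clientData, signature }) {
      // Parse the client data only after the signature over it has been checked.
      if (!crypto.verify("sha256", Buffer.from(clientData), publicKey, signature)) return "bad-signature";
      const { challenge, origin } = JSON.parse(clientData);
      if (origin !== expectedOrigin) return "wrong-origin"; // assertion made for another site
      if (!pending.delete(challenge)) return "unknown-or-replayed-challenge"; // single use
      return "ok";
    },
  };
}

// Constructed scenario: one genuine sign-in and three failure modes.
function demo() {
  const device = createAuthenticator();
  const rp = createRelyingParty("https://login.example.test", device.publicKey);
  const good = device.sign(rp.newChallenge(), "https://login.example.test");
  const results = { genuine: rp.verify(good) };
  results.replayed = rp.verify(good); // same assertion submitted a second time
  results.relayed = rp.verify(device.sign(rp.newChallenge(), "https://lookalike.example-phish.test"));
  results.tampered = rp.verify({ ...good, clientData: good.clientData.replace("example", "other") });
  return results;
}
```

A captured assertion is useless afterwards because its challenge has been consumed, and one produced on a lookalike site fails because the signed origin does not match the one the server expects.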
The roadmap for enterprises: To prepare for a world without passwords, enterprises can deploy Windows Hello for Business and set up the Authenticator app to initiate pilot programs. In fact, the Authenticator app can already be used in the Azure Active Directory environment as a second factor. In the future, Microsoft will make it a primary factor, as has already been done for Microsoft accounts.
Reducing the user-visible password surface area
Currently, Windows Hello for Business has been enabled for all mainstream scenarios. In addition, Microsoft is updating all applications with modern authentication to deliver a single sign-on experience using its strong identification technology.
The roadmap for enterprises: Enterprises will have to upgrade line of business (LoB) apps and web apps to use modern authentication technology. It is the only way that organizations can expect to continue with business as usual in a password-less world. In the process, enterprises will need to identify and phase out legacy workflows that are built on outdated technology based on password authentication. How well an enterprise supplements and circumvents those hurdles will determine its success.
Transitioning into password-less deployment
To enable this transition into next-generation authentication technology, Microsoft has begun to implement policies to disable password credential providers from enumerating on a user’s lock screen or credential user interface. It has enabled a “No password” sign-in option on Windows Hello for Business and is simulating a world where it is possible to hide passwords in situations where users still currently experience them. In such a world, Microsoft has begun its transition by examining how information workers can still thrive, without a loss in productivity.
The roadmap for enterprises: To initiate this, enterprises can disable password credential providers, initiating pilot programs that disable these settings. It would also provide businesses with a good opportunity to test users’ response. Most importantly, this will help enterprises to prepare for a password-less migration, identify potential gaps, and share relevant feedback with Microsoft. In fact, Microsoft already has similar pilots running in Redmond, where it is identifying and fixing any lacunae in the current solution.
Eliminating passwords from the identity directory
The shift to a world without passwords is already underway, with Microsoft initiating the elimination of passwords from the identity directory. As first steps, Microsoft has introduced smart card-only interactive logins and Microsoft Authenticator password-less option sign-ins. Clearly, the move to a brave new world has begun. Enterprises that do not keep pace with these transitions will be left behind.
The roadmap for enterprises: The key will be for enterprises to stay ahead of these rapid transitions. For instance, the Azure Active Directory will soon have a phone sign-in using Microsoft Authenticator, and with the release of Windows 10, Windows Hello for Business will be password-less. Enterprises must be prepared to leverage these developments. But the most anticipated advancement is expected to come from the industry-wide alliance at FIDO, which is working to provide an interoperable solution that replaces passwords. Such a password replacement technology could indeed be a game changer.
Clearly, for the world to go “password-less” holistically, it will require a solution that is deployed ubiquitously. It must work on multiple identity systems and ecosystems, transitioning between personal and professional spaces. However, while such a solution cannot be purely Windows based, Microsoft is undoubtedly pioneering the way.