As the world continues to struggle with COVID-19, our lives are becoming increasingly dependent on digital interactions. Because we work from home, we depend on e-commerce, telemedicine and e-government for our daily activities. Our daily use of the Internet has increased by more than 20%. And if we’re lucky enough to have a job that we can do from home, we can access business applications from outside the corporate firewall.
Whether we connect to social networks, mobile banking or our workplace, we connect through online accounts that require a username and password. The more we do online, the more accounts we have. Creating and remembering new passwords becomes a constant problem. We’ll take shortcuts. According to a study by the Ponemon Institute, people reuse on average five common passwords for both business and personal use. It’s an aspect of human nature that hackers rely on. When they receive a unique password, they know they can use it to further unlock our digital life. This way, a single cracked password can trigger a Chain of Custody response.
No matter how strong or complex the password is, it’s useless if a bad actor can build it socially far away from us or find it in a black net. Moreover, passwords are awkward and reduce productivity. Every year, people spend hours logging into applications and retrieving or resetting forgotten usernames and passwords. These activities do not make things safer. This only increases the cost of the service.
Peoplehave filled in the passwordstoday.
Users want something lighter and more comfortable. The administrators need something safer. We don’t think anyone can find passwords as a reason to party. That’s why we help organizations find smarter ways to connect that are appreciated by users and hated by hackers. We hope that instead of World Password Day, we will celebrate World Password Day without passwords.
With an average of 250 hacked business accounts per month, we know that using passwords is not a good strategy to protect your business. As companies add more and more business applications to their portfolios, the cost of passwords will only increase. In fact, companies spend 30-60% of their support calls resetting passwords. Given the ineffectiveness of passwords, it is surprising how many organizations have not enabled multi-factor authentication (MFA) for their customers or employees.
Password free technology exists and users use it as the best way to authenticate themselves securely. Last November, Microsoft Ignite reported that more than 100 million people registered in the system each month using password-free methods. This number has now reached more than 150 million people. According to our latest study, the use of biometrics for labour accounts is expected to double this year, with almost a quarter of companies already using or planning to use biometrics soon, indicating an increased willingness to get rid of this eight-digit inconvenience.
We now have the motivation to promote initiatives that increase safety and reduce costs. Seamless new technologies offer users the benefits of AMF in a single step. To securely connect to Windows Hello, just point your face or press your finger. Microsoft has integrated wireless authentication support into its products and services such as Office, Azure, Xbox and Github. You don’t even need to create a username – you can use your phone number instead. Administrators can use a single login with Azure Active Directory (Azure AD) to enable password-free authentication for an unlimited number of applications using the built-in Windows Hello function, the Phone Authenticator functions in Microsoft Authenticator, or security keys created with the public FIDO2 standard.
Of course, we would never advise our customers to try anything we’ve never tried before. We are always our own first customers. Microsoft’s IT team has switched to password-free authentication and 90% of Microsoft employees now log in without a password. As a result, the cost of supporting hard and soft passwords has decreased by 87%. We hope that other customers will enjoy similar benefits in terms of increased employee productivity, lower IT costs and improved security. If you want to know more about our approach, watch an episode of CISO Spotlight with Bret Arseno (Microsoft CISO) and me. With this approach, we were better prepared for uninterrupted and safe remote operation 18 months ago when COVID 19 was active.
For many of us, domestic work will be the new norm in the near future. We see many opportunities to better protect the digital accounts people rely on every day using password-free methods. Whether you want to protect your organization or your own digital life, every step towards a win-win situation is a step towards improving your security situation. Now, let’s embrace the world without the passers-by!
Subscribe to the Security Blog to stay up to date with our expert reports on security issues. Follow us at @MSFTSecurity for the latest cyber security news and updates.