Preparing for a Passwordless Future: What It Means and How to Prepare
Going Password-Free and What It Means for Your Team
Passwords are a fundamental staple of cybersecurity. It’s a step we all use to keep our accounts and data secure, and it’s something many of us have probably never questioned: of course we use passwords, how else could you sign in to your account and keep it secure?
As it turns out, passwords come with a lot of risks: not only can they be hacked or phished, but most users choose the same handful of simple passwords for all their accounts, which poses troubling security risks if one of their accounts is compromised.
Imagine a future where passwords are a relic of the past and your accounts are more secure than ever. Sound revolutionary and far-off? In fact, this is Microsoft’s vision for the future, and the technology they’ve created to accomplish it isn’t just a futuristic sci-fi fantasy – it exists now and is being used at an increasingly widespread rate.
So, what will this passwordless future look like?
How can you prepare for it?
What will it mean for data security?
That’s what we’ll unpack below.
Going Passwordless with Windows Hello
Windows Hello is Microsoft’s biometric authentication tool, allowing users to unlock devices with a face or fingerprint scan instead of a password. It is the driving force behind Microsoft’s password-free vision, which will rely upon one-to-one security checks (that is, a security token that is only useable once, so that an individual verification can’t be compromised later) such as multi-factor authentication (MFA) and biometric verification instead of passwords.
Speaking of phishing…what is it?
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to trick individuals into revealing login credentials. Passwords are especially vulnerable to this tactic. But according to Microsoft, going passwordless will eliminate this threat by effectively removing passwords from the login verification process.
Authenticating with Windows Hello
At the moment, there is still an underlying password behind each Windows Hello authentication, but the password isn’t used during login verifications. This not only means it won’t be at risk when browsing the internet, but it also means users can set it to be an extremely complicated string of characters that would be difficult to crack. Yes, this could be difficult for users to memorize, but remember, they won’t need their passwords in their day-to-day.
That being said, Microsoft’s long-term strategy is to do away with passwords altogether, instead opting for Windows Hello. The reason Windows Hello is a great solution is that it provides a secure and seamless login experience.
Better Than Current Solutions
Right now, one band-aid solution for password vulnerabilities is traditional MFA, which asks users to go through several verification steps (such as entering a one-time code they receive via text) after entering their password in order to verify user identity. While this is a helpful security measure, it feels clunky and slows down productivity.
Without passwords, however, Windows Hello will make it so you don’t have to worry about logging in multiple times since authentication happens automatically and near-seamlessly as you navigate through programs. MFA will still be a necessary measure, but it will be streamlined, and you’ll encounter it less often. For example, you’ll likely encounter it when accessing admin-level permissions to make changes to a system.
Saying no to passwords means saying yes to enhanced security, fewer login headaches, and potentially higher levels of productivity for your team.
Sci-Fi or Reality?
Does going passwordless with Windows Hello sound like a distant sci-fi future? Believe it or not, you can actually achieve passwordless today, but your environment needs to follow a modern solution design. This means your applications must support Azure tokens (if you need help understanding or navigating Azure tokens, let us know – we’re happy to help!), as that is essentially the ball bearing of the biometric login operation.
Preparing for the Future
Eventually, passwords will be a thing of the past altogether. As of today, however, with the right setup, you can effectively go password-free. The best thing you can do to capitalize on this trend is to go ahead and modernize your solution. However, we realize that’s no small ask – there’s a lot of work to be done to modernize any IT environment, which is even more reason to plan for the future today.
Does that seem overwhelming? It doesn’t have to be! Reach out to us so our architects can develop a customized roadmap to modernize your environment, get your team passwordless, and keep you on the cutting edge of technology.
About the author
Jimmy Smogor is the Security Practice Lead at Interlink. Jimmy started at Interlink over 8 years ago while in college and has developed immense expertise in the world of cybersecurity. He has expanded his knowledge of Microsoft Security to assist our clients by leveraging Microsoft’s security stacks, whether it’s a simple deployment of Multi-factor for sign-in or leveraging Defender for Endpoint EDR with Microsoft Sentinel for automated playbooks. Jimmy is continuing to grow his expertise in cybersecurity and the advantages of Microsoft Security.