Karanbir Singh (a program manager at Microsoft) is on a mission:
Kill the password.
As he said in a recent blog post:
“Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them–a world without passwords.”
The company’s stated goal is to make it possible that an end user will never have to bother with passwords on a day to day basis and would instead provide credentials that are virtually impossible for hackers to crack or breach.
To accomplish this goal, the company is looking at a number of options, including biometrics and multi-factor authentication schemes.
Singh notes that this isn’t just blue-sky thinking, either. Already, more than 47 million users and more than five thousand businesses are utilizing “Windows Hello for Business.” Another solution currently in use is the Microsoft Authenticator app, which allows users to access their Microsoft accounts via their smartphones.
Additionally, as part of the Windows 10 update issued in April (2018), any user with a Managed Service Account or Azure Active Directory can now access their Windows 10 PC without having to enter their password, via the authenticator app and Windows Hello (provided that S-mode is enabled).
The company is also taking advantage of the newly ratified Fast Identity Online (FIDO2) security protocol, and is in the process of updating Windows Hello to enable secure authentication across a wider range of scenarios. For example: The company is currently working on a proof of concept for shared PCs that will allow users to log on via FIDO2 security keys, which will allow employees to carry their credentials with them.
They envision a scenario in which any user can simply walk up to any device the organization controls and authenticate without ever having to enter their username or password. This would be especially useful for analysts, help desk personnel, and anyone working in the medical profession.
Obviously no firm timeframes have been given, but as mentioned, some of these technologies are already in use and will be refined in the months ahead.