Microsoft has announced at the Ignite conference that they are trying to eliminate passwords by allow access to the Azure Active Directory applications without passwords through its’ Microsoft Authenticator app. This application will use a combination of the user’s smartphone, fingerprints, face identification or PIN to access the software and data. IT security experts commented below.
Robert Capps, VP and Authentication Strategist at NuData Security:
“Passwords have long exceeded their useful life as a stand-alone security control, and as a result, the industry as a whole is embracing new methods to authenticate users and protect their identity. Evolving technologies such as physical biometrics are providing a more user-friendly experience while offering higher accuracy rates, but they add additional friction to the user experience. Until we have a ubiquitous and easy to use replacement for passwords, next-gen technologies such as passive biometrics and behavioral analytics help companies to better understand their true users using their existing username and password authentication schemes, allowing them to only prompt for disruptive secondary authentication steps, when a real risk is detected.”
John Gunn, Chief Marketing Officer at OneSpan:
“This is really positive news because it supports the move away from password-based login, which is terrible when it comes to security and ease of use. As more people experience password-less login in the workplace, they will come to expect this for consumer applications such as online banking and mobile purchases, where losses due to hackers logging in as their victim are in the tens of billions of dollars and growing.”