Passwords are frustrating for many computer and smart device users. OSes, apps, and websites ask for passwords and passphrases of different lengths and structures (sometimes with PINs too), and you are then supposed to use a different password for each login and change them at regular intervals to remain secure. While techies can offer up solutions such as password managers, a large number of users still regularly use passwords such as 'password' or '12345' to secure their access and data, and then share this information when they are not supposed to. Can technology come to the rescue? Microsoft thinks the answer is yes, and furthermore, it thinks it is ready to provide the solution with Windows Hello.
Microsoft has published a lengthy blog post calling for the death of passwords. It refers to typed passwords as a "relic from the early days of computing that has long outlived its usefulness, and certainly, its ability to keep criminals at bay". Research points to weak passwords and stolen IDs as the premier source of data loss, with 81 percent of major data breaches last year due to compromised identities.
A new approach taken by Microsoft and other leading tech companies hopes to remove this weak link in security by "making you the password". Of course this is referring to the biometric security tech that is growing in popularity across devices and is extending to homes, cars and so on. In Windows we have Windows Hello tech, introduced in Windows 10.
Microsoft says that roughly 70 percent of Windows 10 users with biometric-enabled devices are already choosing Windows Hello over traditional passwords. With this kind of adoption rate we should see this type of security embraced by more and more third-party developers too. Microsoft is part of the FIDO (Fast IDentity Online) Alliance, which seeks to provide open standards for simpler, stronger authentication. In addition to biometrics, FIDO adds hardware and mobile-based authenticators to identity. Other important FIDO members include Intel, Google, Samsung, Qualcomm, Visa, MasterCard, AMEX, PayPal, eBay, and more.
The creation of the "password-less world" will of course take time, but with the industry weight behind it and important websites and business applications adopting the likes of Windows Hello, we only need wait for the cultural shift to banish passwords forever, thinks Microsoft, as long as the alternative is easier and better.
Biometric security flaws?
Biometric security failures have been in the news in recent months. In November we saw researchers bypassing Apple Face ID with a mask, and days later there were reports of relatives being able to log in as their family members (see comments). For Windows Hello, a week or two ago we saw researchers fooling the camera system with a simple photo. However, it was noted that newer versions of Windows 10, with 'Enhanced Anti-Spoofing' hardware configured, were not vulnerable. Even if vulnerable, both Apple's and Microsoft's systems are surely an improvement over easily guessable and widely shared passwords.
Apple Face ID failed to secure this lady's iPhone. Her son could easily log in too.