In a change that will take place in the coming weeks, the Microsoft stated that users will be able to remove the password from their account and select an alternative authentication option, such as:
- Security keys
- Disposable codes sent by email or SMS
- Biometric data from Windows Hello
- or through the mobile app Microsoft Authenticator.
Today's news comes after the Microsoft piloted this new setting (from March 2021), when it allowed Azure users not to use passwords for other more secure alternatives.
Prior to the tests (from March until today), the operation had been requested many times by its business customers. Microsoft.
System administrators and security engineers have been asking for a way to protect their accounts from brute-force password-guessing attacks, which are now very common. Remember that billions of user credentials are currently circulating freely on the internet.
In a blog post announcing her upcoming move Microsoft, Vasu Jakkal, Corporate Vice President of the department Microsoft Security, Compliance, Identity and Management, said the company currently records 579 password attacks every second, for a total of $ 18 billion a year.
"One of our recent surveys found that 15% of people use their pet names as a inspiration for a password," said Jakkal.
"Other codes include family names and important dates such as birthdays. One in 10 people admitted to reusing passwords on websites and 40% said they use a formula for their passwords, such as Fall2021, which becomes Winter2021 or Spring2022.