Microsoft announced today that it intends to allow users to remove passwords from their accounts.
In a change that will take place in the coming weeks, Microsoft said users will be able to remove the password from their account and choose an alternative option control identity is covered, such as:
- Security keys
- Disposable codes sent by email or SMS
- Biometric data from Windows Hello
- or through the Microsoft Authenticator mobile app.
Today's news comes after Microsoft piloted this new setting (from March 2021), when it allowed Azure users not to use passwords for other more secure alternatives.
Before the tests (from March until now), the mode it had been requested too many times by Microsoft's business customers.
System administrators and security engineers have been asking for a way to protect their accounts from brute-force password-guessing attacks, which are now very common. Remember that billions of user credentials are currently circulating freely on the internet.
In a blog post announcing Microsoft's upcoming move, Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity and Management, said that the company currently records 579 password attacks every second, and a total of 18 billion annually.
"Μια από τις πρόσφατες έρευνές μας διαπίστωσε ότι το 15% των ανθρώπων χρησιμοποιούν τα ονόματα των κατοικίδιων τους σαν έμπνευση για κωδικό πρόσβασης", ανέφερε ο Jakkal.
"Άλλοι κωδικοί περιλαμβάνουν ονόματα οικογενειών και σημαντικές ημερομηνίες όπως τα γενέθλια. Ένας στους 10 ανθρώπους παραδέχτηκε ότι ξαναχρησιμοποιεί κωδικούς πρόσβασης σε ιστότοπους και το 40% δήλωσε ότι χρησιμοποιεί έναν τύπο για τους κωδικούς πρόσβασής του, όπως το Fall2021, που γίνεται Winter2021 ή και Spring2022.".