Microsoft wants you to ditch passwords for biometrics
CISO Bret Arsenault believes passwords aren't secure enough on their own


Microsoft has touted ambitions to move away from passwords and embrace biometric security for identification and authentication processes.
The company's chief information security officer Bret Arsenault told CNBC that online passwords should be eliminated as they do not adequately protect people, and biometrics should be used instead.
Arsenault noted that passwords on their own do not afford enough cyber security. Even the relatively simple and old technique of password spraying, whereby a hacker tries to access large numbers of accounts at once by firing commonly used passwords at them, can lead to organisations and online services getting hacked, as there's often no extra layer of security once a correct password has been inputted.
"The reality is, we still see a lot of attempts of people trying to password spray. The best way to protect against the password spray is to just eliminate passwords," said Arsenault, who did acknowledge that password security can be bolstered with multi-factor authentication.
"And so the thing that we are seeing is lots and lots of people just focused on eliminating that whole vector."
Microsoft is practising what Arsenault is preaching, with 90% of its 135,000-strong workforce already able to log into the company's corporate network without passwords. Instead, the workers use biometric technology, such as facial recognition or fingerprint scanning, to authenticate themselves.
The company will also scrap its old password expiration policies in Windows 10 in favour of a system that purges expiring passwords deemed no longer secure, and it will effectively force its users to update their passwords every few months once the Windows 10 May 2019 Update gets rolled out.
Such an anti-password stance is understandable given the increasing use of biometrics, from voice and image recognition to under-display fingerprint scanners in the latest Android smartphones.
However, there are still plenty of cases where biometrics can be duped and devices unlocked by people who shouldn't have such access. Recently, this was brought to the fore with the Nokia 9 PureView, which could be unlocked by pressing a packet of chewing gum against the phone's under-display scanner.
As such, there may be a need for biometric technology to evolve a little further before it can truly replace passwords, online or otherwise.
Roland is a passionate newshound whose journalism training initially involved a broadcast specialism, but he’s since found his home in breaking news stories online and in print.
He held a freelance news editor position at ITPro for a number of years after his lengthy stint writing news, analysis, features, and columns for The Inquirer, V3, and Computing. He was also the news editor at Silicon UK before joining Tom’s Guide in April 2020 where he started as the UK Editor and now assumes the role of Managing Editor of News.
Roland’s career has seen him develop expertise in both consumer and business technology, and during his freelance days, he dabbled in the world of automotive and gaming journalism, too.