Here are some not-so-interesting stats for you. Three out of four people use duplicate passwords, and 21 percent of people use passwords that are over 10 years old. (In 2014, among the five most popular passwords were “password,” “123456,” and “qwerty.”) Passwords aren’t as effective a means of preventing account break-ins as they might seem.
Of course, we have seen 2-factor authentication and SMS verification, but even with those, hackers are still able to redirect text messages to another number. So how about we do away with passwords altogether? Enter the era of no passwords.
Microsoft is now supporting standards-based FIDO2 security key devices to allow anyone to sign into their Microsoft Account without a username or password. Microsoft is enabling the security key or Windows Hello support through its Edge browser, and it’s the first company to support password-less authentication using the FIDO2 WebAuthn and CTAP2 standards.
What is Passwordless and How Does it Work?
Passwordless login relies on a technical framework called FIDO2, a new open standard that delivers expanded authentication options, including the flexibility to offer a single factor (passwordless), two factor, or multi-factor authentication solutions.
FIDO2 uses public/private key cryptography. In this case, the private key (your personal key) lives on your YubiKey, while public keys are stored on a service such as Microsoft accounts, Outlook.com, or Bing. Authentication is fast and easy: when you insert or tap a YubiKey, such as the Security Key by Yubico or the YubiKey 5 Series, the key signs a challenge from the service with your private key, the service checks that signature against the public key it has stored, and login is immediate.
How to log into your Windows 10 PC without a Username or Password
If you have the latest Windows 10 October 2018 Update, you’ll be able to set up Windows Hello or a physical security key from Yubico or FEITIAN that supports the FIDO2 standard. If you have a device with a Windows Hello webcam or fingerprint reader, you can simply visit Microsoft Account settings with Edge and link a Windows 10 machine to your account so it no longer requires password entry.
This will place a private key on the trusted platform module (TPM) in a Windows 10 device which is used alongside the presence of the physical key or biometric Windows Hello authentication to verify it against the public key stored on Microsoft’s servers. This combination should make it difficult to fall for a phishing scam or malware, as you’ll get used to logging in without credentials or passwords.
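The key-pair sign-in and the phishing resistance described above, as an added example (not Microsoft's or Yubico's code): a simplified Node.js model of the FIDO2 challenge-response that plays the authenticator, browser and service roles in one file. The function names, the `login.example.com` and `login.example.net` origins and the reduced message layout are assumptions made for illustration.

```javascript
// Added example: a simplified model of a FIDO2 sign-in, not the WebAuthn API or wire format.
const nodeCrypto = require('crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
const newChallenge = () => nodeCrypto.randomBytes(32).toString('hex');

// Registration: the key pair is made on the authenticator; only the public key is shared.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey,
    sign(rpId, clientDataJSON) {
      // Real authenticator data also carries flags and a counter; here it is only the RP ID hash.
      const authData = sha256(rpId);
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      return { authData, clientDataJSON, signature: nodeCrypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Browser role: it, not the page, records the real origin. Assumption: RP ID = origin hostname.
function browserGetAssertion(authenticator, actualOrigin, challenge) {
  const clientDataJSON = JSON.stringify({ type: 'webauthn.get', challenge, origin: actualOrigin });
  return authenticator.sign(new URL(actualOrigin).hostname, clientDataJSON);
}

// Service role: check challenge, origin and RP ID hash, then the signature with the stored public key.
function verifyAssertion(expected, assertion) {
  const client = JSON.parse(assertion.clientDataJSON);
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expected.challenge) return 'wrong challenge';
  if (client.origin !== expected.origin) return 'wrong origin';
  if (!assertion.authData.equals(sha256(expected.rpId))) return 'wrong RP ID';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, expected.publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

// Constructed scenario: a genuine sign-in, a response made on a look-alike origin, and a replay.
function demo() {
  const key = makeAuthenticator();
  const site = { origin: 'https://login.example.com', rpId: 'login.example.com', publicKey: key.publicKey };
  const c1 = newChallenge();
  const genuine = browserGetAssertion(key, site.origin, c1);
  const lookalike = browserGetAssertion(key, 'https://login.example.net', c1);
  return {
    genuine: verifyAssertion({ ...site, challenge: c1 }, genuine),
    lookalike: verifyAssertion({ ...site, challenge: c1 }, lookalike),
    replay: verifyAssertion({ ...site, challenge: newChallenge() }, genuine),
  };
}
```

Because the origin and a fresh challenge are inside the signed data, a response obtained on the wrong site or captured from an earlier login is rejected by the service, which is what a typed password cannot offer.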
What Microsoft accounts work with this Passwordless method?
Use your Microsoft account and a YubiKey to log in without passwords to all these applications through the Edge Browser:
- Xbox Live
- Microsoft Store
“This combination of ease of use, security and broad industry support is going to be transformational,” read the statement in part. “Every month, more than 800 million people use a Microsoft account to create, connect, and share from anywhere to Outlook, Office, OneDrive, Bing, Skype and Xbox Live for work and play. And now they can all benefit from this simple user experience and greatly improved security.”
Inpost Image courtesy of TheVerge.