The future of security – the end of password authentication?

Entering a username and password has long been the standard when it comes to authentication, and we follow this approach almost every day when logging in to laptops, websites and mobile applications.

Over the years, to ensure security we’ve been encouraged to create passwords using a confusing combination of letters, numbers and symbols as a way of protecting accounts and deterring would-be hackers. Unfortunately, these complex passwords can sometimes be a bit too difficult to remember, especially when using a different combination across various websites.

For most people struggling to memorise a unique set of case-sensitive letters and numbers, the standard response can be to scribble the password down on a post-it note. For others, it might just be a case of adding numbers to the end of a more memorable password – admit it, we’ve all been there!

The growing threat

Hackers’ methods have become more advanced over the years, to the point where even complex passwords can be cracked within hours. Computers are now capable of testing thousands of combinations, spotting patterns in passwords over time.

Unfortunately, while hacking has become more sophisticated, our security measures have remained the same, and people are still the biggest weakness when it comes to online security.

Microsoft’s response

Microsoft is aware of this growing problem and has started taking steps to improve the situation. With Windows 10 it introduced the ability to log on to your laptop using facial recognition – a more sophisticated and secure alternative to a simple username and password.

When accessing Office 365, we can use Conditional Access features from Azure AD to enforce Multi-Factor Authentication along with usernames and passwords – if you are not already doing this then we suggest reading the official support article.

Microsoft Ignite – A password-less future?

During September’s Microsoft Ignite event, Microsoft also announced that it was working towards password-less access for Office 365, and the security feature is available as a preview. This allows users to access Office 365 by using their smartphone to match a number on screen, before authenticating with a fingerprint. You can watch the following video for the full announcement.

If you’re interested in enabling password-less access for Office 365, you will need to do the following:

1. Download the Microsoft Authenticator app from the Google Play or iTunes Store on to your mobile.

2. Go to https://account.activedirectory.windowsazure.com and select “Profile”, then “Additional Security Verification”.

3. Even if you have already configured MFA for your account, you will need to click on “+” in the Microsoft Authenticator app. Then click on the “Configure” button in the browser.

4. Scan the QR code, save the settings and verify.

5. Back in the Microsoft Authenticator app, touch the down arrow next to your credentials and select “Enable Phone Sign-In”.

6. You will be asked to register your device with the domain using your password and then you are done.

7. When you log in, you will still have to enter your username, but now you will see the following prompt.

8. On your mobile you will get a notification for Microsoft Authenticator. Opening the notification, you will see something like the screen below. Match the number and then authenticate with your fingerprint.

After following these easy steps, you should now be able to enjoy reliable, password-free security, which can only be a positive when it comes to remembering those old complex combinations!