Are passwords a dying breed?
In a blog post by Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal, published September 15 and entitled “The passwordless future is here for your Microsoft account” (yes, with bad capitalization, just like that), Microsoft announced that you could “completely remove the password from your Microsoft account”. He continued:
“Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favorite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more. This feature will be rolled out over the coming weeks.”
Amusingly, the Microsoft CISO is quoted as saying “hackers don’t break in, they log in,” which certainly flies in the face of my experience with Microsoft products, but we’ll leave that for another post.
Jakkal’s argument is that either passwords are secure and users can’t remember them, or users can remember them and so they’re insecure. Apparently he’s unfamiliar with password management apps.
I’ve been hearing that passwords are going the way of the dodo bird since the 1990s…and maybe someday they will, though there have been several biometric hype cycles that have come and gone. Seems to me two-factor (password plus one of the other options Jakkal mentioned) is the more secure route. That’s what I do on the cheap VPS systems I run.
(By the way, regarding the art for this post: amazingly, I have the same combination on my luggage!)