Microsoft Takes a Strange Approach to get rid of Password-based Authentication

Every time a technology giant announces a new login mechanism, there is some cause for concern. In the case of Microsoft’s new announcement, it appears they are taking one step backward for some unknown reason. Rather than using passwords for a login procedure, Microsoft is now looking to use a code generated by the Microsoft Authenticator application. An interesting idea, although it may not necessarily be the best course of action.

Microsoft Tries To Get Rid of Passwords Altogether

It has to be said, there is a dire need to get rid of password-based authentication procedures altogether. After all, consumers often reuse passwords or generate combinations that are far too easy to hack. In fact, we recently discussed how consumers need to start paying more attention as to how they generate passwords. Microsoft is trying to address this problem in a slightly different manner, although it remains to be seen if their effort will be successful.

To be more specific, Microsoft is ditching passwords in favor of two-factor authentication. Users can authenticate their credentials by using a code generated by the Microsoft Authenticator app, which works similarly to Google Authenticator. However, it is not traditional two-factor authentication by any means, as Microsoft is effectively removing one layer of security in favor of their mobile solution.

In fact, the Microsoft Authenticator will effectively replace passwords altogether. Consumers who have access to their mobile phone can use the app as a way to log in to Microsoft services, rather than entering a username and password combination. Users need to add their Microsoft accounts to theiOS or Android version of the app. Once they try to sign into a Microsoft account, they should be prompted to authenticate access on their mobile device.

While this may sound rather convenient, it is also a big step backward when it comes to providing account security. Although using a password and two-factor authentication combined is a bit more cumbersome, additional security can never be a bad thing. Removing the password from the equation is a good decision, although replacing it with a pre-linked mobile app is not necessarily a good solution. Consumers are not too security-aware when using mobile phones and devices are often passed along to friends and family members.

Luckily, there is a failsafe, although it seems to be undoing everything Microsoft is trying to achieve. If a user would lose access to their mobile device, they can still log in with their password on the confirmation page. This seems to make the entire process a bit moot, as there is seemingly no need to remove password authentication in the first place. Users need to access their mobile device, yet they can easily do so after entering their password as well. The idea just looks very strange, although only time will tell if Microsoft is on the right track.  

In the end, it is good to see technology giants experiment with solutions that no longer rely purely on passwords for user authentication. Then again, this new model seems to remove one layer of security in favor of a slightly more insecure one. The goal is to turn Microsoft Authenticator into a form of biometrics-based authentication, although a lot of work will need to be done before that goal can be achieved. Less reliance on passwords is a good thing, yet mobile devices are not necessarily the most secure solution by any means.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.