Microsoft ditches passwords for phone-based log-ins

Dive Brief:

  • Microsoft revealed phone sign-in for Microsoft accounts, a new sign-in feature that the company says will eliminate the traditional password and "is easier than standard two-step verification and significantly more secure than only a password."

  • Alex Simons, director of Program Management for Microsoft’s Identity Division, explained how it works in a blog post: "With phone-based authentication enabled, after entering your Microsoft Account email address, you'll receive an alert on your phone. From that alert, you can either approve or reject the authentication attempt—no password necessary."

  • A link at the bottom of the confirmation page allows users to choose a password instead if they prefer.

Dive Insight:

Microsoft says the new approach is safer and saves users time when logging into anything that requires a Microsoft account. The approach is similar to the sign-in prompts Google announced last summer.

Lots of companies are working on solutions to help eliminate the traditional password. Researchers at Binghamton State University recently reported they are experimenting with a new security technique for accessing medical records that would create an encryption key using patients' electrocardiograph readings.

Traditional passwords are not only easily forgotten, they are also easily stolen. More than three billion user credentials and passwords were stolen in 2016, according to a report from Thycotic and Cybersecurity Ventures. That breaks down to 8.2 million passwords stolen every day and approximately 95 passwords stolen every second.
