Passwords are under attack by many major companies who are trying to give more secure access to users. Recently Microsoft announced the password-free login using its Microsoft Authenticator App while another digital security company Yubikey announced another version of its USB security keys which do not need any passwords. Neither of these is going to kill the password anytime soon, but these are two more shots fired at the passwords. The new password-free feature of Microsoft works through the app in a way Google Authenticator or text-message-based two-factor authentication works.
Once the user logs into Microsoft app, using the actual password for the first and last time, they will have the option to log into other services like Outlook by using the app instead of using the password. The app sends a notification on the phone, which the user can approve by using the PIN or the biometric, whichever they use to unlock their phone. This process is not entirely like the two-factor authentication which is already in use. Instead of sending a code after you have entered your password, the app’s confirmation process replaces the password entirely which is also much more convenient than typing some garbled code and safer than receiving confirmation codes by text message.
The solution provided by Microsoft requires the user to download and set up another app. However; it has a streamlined approach. Google’s two-factor prompts make use of the Android operating system to let user tap a notification on their phone and verify the login with no previous setup. This system still requires the user to type their password. On the other hand, Microsoft’s password-killing tech is confined to its ecosystem of products. Yubikey also promises a wide-ranging solution. The latest Yubikey 5 security system makes use of the open FIDO2 authentication standard which supports “strong single factor” also called password-less login.
Users can use Yubikey USB keys like a car key. When it is plugged in, it can replace passwords for services which support the standard. It currently includes Google Chrome, Firefox, and Microsoft Edge. The new line of keys has four flavors with varying USB styles and NFC capability for desktop and mobile devices. These anti-password moves come while the Google’s new Titan security keys are also on their way. These keys aim to increase the strength of the password though not to replace it yet. Now that the home button has disappeared from nearly all devices and Face ID introduced by Apple is spreading the password-free strategy. Microsoft will also provide the same functionality with its ‘Hello’ feature which will give the same functionality on computers using only the standard webcam.
Since password alternatives are rolling out and being acknowledged by users everywhere, the question is that which alternative is going to become the next big thing in the world of security. Systems which are confined to a gadget or software ecosystem like Microsoft’s authenticator app or Apple’s Face ID will stay confined to specific gadgets and services. An open standard approach like Yubikey who promises to be a universal solution also requires to buy a physical object. One thing is perhaps clear by now that passwords are insecure. Hopefully one day, they will be replaced for good and will make the online networks more secure.