{"id":6267,"date":"2024-08-01T09:00:00","date_gmt":"2024-08-01T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/education\/blog\/?p=6267"},"modified":"2024-08-14T15:50:23","modified_gmt":"2024-08-14T22:50:23","slug":"empowering-secure-and-seamless-learning-multifactor-authentication-without-a-smartphone","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/education\/blog\/2024\/08\/empowering-secure-and-seamless-learning-multifactor-authentication-without-a-smartphone\/","title":{"rendered":"Empowering secure and seamless learning: Multifactor authentication without a smartphone"},"content":{"rendered":"\n

As we look ahead to the upcoming school year in many places across the northern hemisphere, educational institutions face a daunting security landscape. The education sector regularly makes up over 80% of the reported malware encounters in any 30-day period. Traditional passwords are increasingly vulnerable, leading to potential security breaches. The average student often neglects best practices for password security, frequently opting for simple and easily guessable passwords. Fortunately, there\u2019s a promising development\u2014Microsoft offers multifactor authentication (MFA) without a smartphone using secure, passwordless device access.<\/p>\n\n\n

\"\"
More than 80% of malware encounters reported within a 30-day period consistently come from the education sector.<\/figcaption><\/figure>\n\n\n\n

Poor security practices can lead to significant consequences, from identity theft and unauthorized access to students\u2019 personal and academic information, to severe breaches across education networks and systems. While schools have focused on encouraging a more proactive access control approach\u2014such as creating stronger unique passwords\u2014success ultimately depends on the students. Protect your school\u2019s devices and data with Microsoft\u2019s industry-leading cybersecurity solutions<\/a> that bring the digital security needs of your students, teachers, and school districts to the forefront.<\/p>\n\n\n\n

MFA without a smartphone: a convenient and secure option<\/h2>\n\n\n\n

Traditional MFA processes are unrealistic for students, as institutions from primary schools to universities cannot expect every student to have a phone or device to deploy legacy MFA options. Additionally, using personal devices for authentication comes with even more privacy and security concerns for educational institutions. However, studies have shown that an account is more than 99.9% less likely to be compromised if using MFA<\/a>. So, what can schools do?<\/p>\n\n\n\n

Luckily, hope is on the horizon\u2014Microsoft has pioneered a passwordless approach using MFA without a smartphone that ensures students can easily access their learning environments securely. With no phone required for authentication, this is the first passwordless MFA solution from an industry-leading security and education solution provider for primary and secondary (K-12), and higher education students. Without having to rely on a homegrown or third-party identity provider (IdP), credentials can be set and distributed to students that may not have a phone to complete the setup. Additionally, this passwordless approach helps schools meet stringent cyber insurance requirements and qualify for a variety of government funding opportunities and cyber grant programs around the world, such as the recently announced $200 million FCC Cybersecurity Pilot Program for schools<\/a> in the US.<\/p>\n\n\n\n

By replacing passwords with your choice of convenient and secure options for passwordless authentication, you can transform the security of your entry points with best-in-class technology and increase your IT team\u2019s productivity.<\/p>\n\n\n\n

Why use MFA to go passwordless?<\/h2>\n\n\n\n

Passwords are often the weakest link in security protocols and can be easily guessed, stolen, or forgotten. As we grow more predictable in our password generation and choices, our vulnerability increases. According to a recent study by the National Institute of Standards and Technology<\/a> (NIST), more than 68% of primary school students and 81% of middle school and high school students reuse the same password across multiple accounts, making them vulnerable to identity theft and attacks. Even strong passwords are vulnerable because they are often reused across multiple sites\u2014there have been a number of high-profile data breaches exposing millions of user passwords, and just one recycled password can give hackers the ability to conduct attacks across websites.<\/p>\n\n\n

\"\"
Passwords are frequently the most vulnerable point in security systems and are susceptible to being guessed, compromised, or misplaced.<\/figcaption><\/figure>\n\n\n
\n\t
\n\t\t

\n\t\t\tLearn 5 tips for enhancing school cybersecurity\t\t<\/p>\n\t\t\n\t\t\tRead the blog<\/span> <\/span>\n\t\t<\/a>\n\t<\/div>\n<\/div>\n\n\n\n

Unfortunately, students in particular may be more likely to use weak passwords or reuse passwords as they\u2019re less aware of or concerned about security best practices. While traditional MFA does add an additional layer of protection, it\u2019s still reliant on the use of a password and a second device.<\/p>\n\n\n\n

Passwordless authentication helps minimize the threat of password theft while enabling easy sign-in security that achieves leading industry standards\u2014all while providing a smooth and efficient experience for students, faculty, and IT. Passwordless authentication also doesn\u2019t require a phone for use (FIDO2-compliant security keys can be used instead of apps, SMS, or voice calls) yet still leverages advanced technologies like biometrics and PINs, which are more secure, user-friendly, and popular based on feedback from end users.<\/p>\n\n\n

\"\"
Passwordless authentication with Microsoft provides secure and easy sign-in for students, faculty, and IT.<\/figcaption><\/figure>\n\n\n\n

Passwordless authentication with Microsoft adds multiple layers of safety for student data. For example, if biometrics are used as part of the Windows Hello face authentication system, the biometric data never leaves the device\u2014the data is hashed and stored locally instead of on the cloud. Also, if using a PIN with Windows Hello, the PIN is tied to the specific device on which it is set up\u2014so if a malicious actor obtains the PIN, they can\u2019t use it to access the account from another device.<\/p>\n\n\n\n

How to implement passwordless MFA<\/h2>\n\n\n\n

There are three main steps to planning, implementing, and managing passwordless MFA for students.<\/p>\n\n\n\n

The first step is distributing Temporary Access Passes (TAP) which are often generated when passwords are provided to students for the first time or when students receive new devices. By using authentication methods in Microsoft Entra ID, you can control what MFA methods students are prompted to set up and use.<\/p>\n\n\n

\"\"
After generating and distributing TAP to students, they can create a passwordless credential to use with their devices.<\/figcaption><\/figure>\n\n\n\n

The second step is configuring devices. Depending on the device and system, passwordless sign-in methods can be configured for each operating system to meet your requirements:<\/p>\n\n\n\n