{"id":82311,"date":"2018-05-01T10:00:03","date_gmt":"2018-05-01T17:00:03","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=82311"},"modified":"2023-05-15T22:59:10","modified_gmt":"2023-05-16T05:59:10","slug":"building-a-world-without-passwords","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/05\/01\/building-a-world-without-passwords\/","title":{"rendered":"Building a world without passwords"},"content":{"rendered":"

Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we\u2019ve been busy at work<\/a> trying to create a world without them \u2013 a world without passwords.<\/p>\n

In this blog, we will provide a brief insight into how we at Microsoft think about solving this problem, along with details on solutions that you can try out today.<\/p>\n

Passwordless<\/h2>\n

When we think about creating a world without passwords, we want to deliver on two key promises:<\/p>\n

  1. User promise<\/strong>: End users should never have to deal with passwords in their day-to-day lives.<\/em><\/li>\n
  2. Security promise<\/strong>: User credentials cannot be cracked, breached, or phished.<\/em><\/li>\n<\/ol>\n

    At its core, our fundamental philosophy is simple: devalue the password<\/strong>, and replace it with something that eradicates its use for the end user and drains its value for an attacker.<\/p>\n

    Passwords have been a big part of our digital lives. To fully get rid of them, not only do we need to address all that is bad with them, we also need to acknowledge all that is good; they are familiar, portable, and can be used almost everywhere.<\/p>\n

    Figure 1. Passwords – Pros vs cons<\/em><\/p>\n

    So how are we going about it? Well, we break this up into discrete buckets:<\/p>\n

    Figure 2: Passwordless strategy<\/em><\/p>\n

    1. Develop password-replacement offerings<\/strong>, i.e., replace passwords with a new set of alternatives that address the shortcomings of passwords while embracing their positive attributes.<\/li>\n
    2. Reduce user-visible password-surface area<\/strong>, i.e., upgrade all experiences related to the entire life-cycle of a user\u2019s identity (including provisioning of an account, setting up a brand-new device, using the account\/device to access apps and websites, recovery, etc.) and ensure these work with password-replacements (#1).<\/li>\n
    3. Simulate a passwordless world<\/strong>, i.e., enable end users and IT admins to simulate and transition into a passwordless world with confidence.<\/li>\n
    4. Eliminate passwords from the identity directory<\/strong>, i.e., the final frontier \u2013 delete passwords from the identity directory.<\/li>\n<\/ol>\n

      Here\u2019s a quick overview of some of the solutions that you can try out today and how they map to the strategy above.<\/p>\n

      Password-replacement offerings<\/h2>\n

      Windows Hello<\/strong><\/h3>\n

      Here\u2019s a video that provides a quick overview of Windows Hello, how it is more secure than passwords, and some of the newest enhancements.<\/p>\n