{"id":91053,"date":"2020-05-07T09:00:18","date_gmt":"2020-05-07T16:00:18","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91053"},"modified":"2023-05-15T23:08:05","modified_gmt":"2023-05-16T06:08:05","slug":"protect-accounts-smarter-ways-sign-in-world-passwordless-day","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/07\/protect-accounts-smarter-ways-sign-in-world-passwordless-day\/","title":{"rendered":"Protect your accounts with smarter ways to sign in on World Passwordless Day"},"content":{"rendered":"

As the world continues to grapple with COVID-19, our lives have become increasingly dependent on digital interactions. Operating at home, we’ve had to rely on e-commerce, telehealth, and e-government to manage the everyday business of life. Our daily online usage has increased by over 20 percent. And if we’re fortunate enough to have a job that we can do from home, we’re accessing corporate apps from outside the company firewall.

Whether we’re signing into social media, mobile banking, or our workplace, we’re connecting via online accounts that require a username and password. The more we do online, the more accounts we have. It becomes a hassle to constantly create new passwords and remember them. So, we take shortcuts. According to a Ponemon Institute study, people reuse an average of five total passwords, both business and personal. This is one aspect of human nature that hackers bet on. If they get hold of one password, they know they can use it to pry open more of our digital lives. A single compromised password, then, can create a chain reaction of liability.

No matter how strong or complex a password is, it’s useless if a bad actor can socially engineer it away from us or find it on the dark web. Plus, passwords are inconvenient and a drain on productivity. People spend hours each year signing into applications and recovering or resetting forgotten usernames and passwords. This activity doesn’t make things more secure. It only drives up the costs of service desks.

People today are done with passwords

Users want something easier and more convenient. Administrators want something more secure. We don’t think anyone finds passwords a cause to celebrate. That’s why we’re helping organizations find smarter ways to sign in that users will love and hackers will hate. Our hope is that instead of World Password Day, we’ll start celebrating World Passwordless Day.


Since an average of one in every 250 corporate accounts is compromised each month, we know that relying on passwords isn’t a good enterprise defense strategy. As companies continue to add more business applications to their portfolios, the cost of passwords only goes up. In fact, companies are dedicating 30 to 60 percent of their support desk calls to password resets. Given how ineffective passwords can be, it’s surprising how many companies haven’t turned on multi-factor authentication (MFA) for their customers or employees.

Passwordless technology is here—and users are adopting it as the best experience for strong authentication. Last November at Microsoft Ignite, we shared that more than 100 million people were already signing in using passwordless methods each month. That number has now reached over 150 million people. According to our recent survey, the use of biometrics for work accounts is set to double this year, with nearly a quarter of companies already using or planning to deploy biometrics soon, signaling an increased desire to ditch the eight-character nuisance.

We now have the momentum to push forward initiatives that increase security and reduce cost. New passwordless technologies give users the benefits of MFA in one gesture. To sign in securely with Windows Hello, all you have to do is show your face or press your finger. Microsoft has built support for passwordless authentication into our products and services, including Office, Azure, Xbox, and GitHub. You don’t even need to create a username anymore—you can use your phone number instead. Administrators can use single sign-on in Azure Active Directory (Azure AD) to enable passwordless authentication for an unlimited number of apps through native functionality in Windows Hello, the phone-as-a-token capabilities in the Microsoft Authenticator app, or security keys built using the FIDO2 open standards.

Of course, we would never advise our customers to try anything we haven’t tried ourselves. We’re always our own first customer. Microsoft’s IT team switched to passwordless authentication and now 90 percent of Microsoft employees sign in without entering a password. As a result, hard and soft costs of supporting passwords fell by 87 percent. We expect other customers will experience similar benefits in employee productivity improvements, lower IT costs, and a stronger security posture. To learn more about our approach, watch the CISO spotlight episode with Bret Arsenault (Microsoft CISO) and myself. By taking this approach 18 months ago, we were better set up for seamless secure remote work during COVID-19.

For many of us, working from home will be a new norm for the foreseeable future. We see many opportunities for using passwordless methods to better secure digital accounts that people rely on every day. Whether you’re protecting an organization or your own digital life, every step towards passwordless is a step towards improving your security posture. Now let’s embrace the world of passwordless!
