{"id":92404,"date":"2020-12-17T11:45:27","date_gmt":"2020-12-17T19:45:27","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=92404"},"modified":"2023-05-15T22:57:41","modified_gmt":"2023-05-16T05:57:41","slug":"a-breakthrough-year-for-passwordless-technology","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/12\/17\/a-breakthrough-year-for-passwordless-technology\/","title":{"rendered":"A breakthrough year for passwordless technology"},"content":{"rendered":"

As 2020 draws to a close, most of us are looking forward to putting this year in the rearview mirror. Since we depend even more on getting online for everything in our lives, we\u2019re more than ready to be done with passwords. Passwords are a hassle to use, and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month<\/a>. According to the Gartner Group, 20 to 50 percent of all help desk calls are for password resets<\/a>. The World Economic Forum (WEF)<\/a> estimates that cybercrime costs the global economy $2.9 million every minute, with roughly 80 percent of those attacks directed at passwords.<\/p>\n

In November 2019 at Microsoft Ignite, we shared that more than 100 million people were already using Microsoft\u2019s passwordless sign-in each month. In May of 2020, just in time for World Password Day<\/a>, that number had already grown to more than 150 million people, and the use of biometrics to access work accounts is now almost double what it was then. We\u2019ve drawn strength from our customers\u2019 determination this year and are set to make passwordless access<\/a> a reality for all our customers in 2021.<\/p>\n

2020: A banner year for passwordless technology<\/h2>\n

\"Infograph<\/p>\n

February:<\/strong> We announced a preview of Azure Active Directory support for FIDO2 security keys in hybrid environments<\/a>. The Fast Identity Online (FIDO) Alliance is a \u201ccross-industry consortia providing standards, certifications, and market adoption programs to replace passwords with simpler, stronger authentication.\u201d<\/em> Following the latest FIDO spec, FIDO2, we enabled users with security keys to access their Hybrid Azure Active Directory (Azure AD) Windows 10 devices with seamless sign-in, providing secure access to on-premises and cloud resources using a strong hardware-backed public and private-key credential. This expansion of Microsoft\u2019s passwordless capabilities followed 2019\u2019s preview of FIDO2 support for Azure Active Directory joined devices and browser sign-ins.<\/p>\n

June:<\/strong> I gave a keynote speech at Identiverse Virtual 2020<\/a> where I got to talk about how Microsoft\u2019s FIDO2 implementation highlights the importance of industry standards<\/a> in implementing Zero Trust security and is crucial to enabling secure ongoing remote work across industries. Nitika Gupta, Principal Program Manager of Identity Security in our team, showed how Zero Trust is more important than ever for securing data and resources and provided actionable steps that organizations can take to start their Zero Trust journey<\/a>.<\/p>\n

September: <\/strong>At Microsoft Ignite<\/a>, the company revealed the new passwordless wizard available through the Microsoft 365 Admin Center.\u00a0Delivering a streamlined user sign-in experience in Windows 10, Windows Hello for Business replaces passwords by combining strong MFA for an enrolled device with a PIN or user biometric (fingerprint or facial recognition). This approach gives you, our customers, the ability to deliver great user experiences for your employees, customers, and partners without compromising your security posture.<\/p>\n

November:<\/strong> Authenticate 2020<\/a>, \u201cthe first conference dedicated to who, what, why and how of user authentication,\u201d<\/em> featured my boss, Joy Chik, CVP of Identity at Microsoft, as the keynote speaker. Joy talked about how FIDO2 is a critical part of Microsoft\u2019s passwordless vision, and the importance of the whole industry working toward great user experiences, interoperability, and having apps everywhere support passwordless authentication. November also saw Microsoft once again recognized by Gartner as a \u201cLeader\u201d in identity and access management (IAM)<\/a>.<\/p>\n

MISA members lead the way<\/h2>\n

The\u00a0Microsoft Intelligent Security Association<\/a>\u00a0(MISA) is an ecosystem of security partners who have integrated their solutions with Microsoft to better defend against increasingly sophisticated cyber threats. Four MISA members\u2014YubiKey, HID Global, Trustkey, and AuthenTrend\u2014stood out this year for their efforts in driving passwordless technology adoption across industries.<\/p>\n

Yubico<\/a> created the passwordless YubiKey hardware to help businesses achieve the highest level of security at scale.<\/p>\n

\u201cWe\u2019re providing users with a convenient, simple, authentication solution for Azure Active Directory.\u201d<\/em>\u2014Derek Hanson, VP of Solutions Architecture and Alliances, Yubico<\/p><\/blockquote>\n

HID Global<\/a> engineered the HID Crescendo family of FIDO-enabled smart cards and USB keys to streamline access for IT and physical workspaces\u2014enabling passwordless authentication anywhere.<\/p>\n

\u201cOrganizations can now secure access to laptops and cloud apps with the same credentials employees use to open the door to their office.\u201d<\/em>\u2014Julian Lovelock, VP of Global Business Segment Identity and Access Management Solutions, HID<\/p><\/blockquote>\n

TrustKey<\/a> provides FIDO2 hardware and software solutions for enterprises who want to deploy passwordless authentication with Azure Active Directory because: \u201cUsers often find innovative ways to circumvent difficult policies,\u201d<\/em> comments Andrew Jun, VP of Product Development at TrustKey, \u201cwhich inadvertently creates security holes.\u201d<\/em><\/p>\n

AuthenTrend<\/a> applied fingerprint-authentication technology to the FIDO2 security key and aspires to replace all passwords with biometrics to help people take back ownership of their credentials.<\/p>\n

Next steps for passwordless in 2021<\/h2>\n

Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys<\/a> enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage passwordless credentials via the My Apps portal<\/a>.<\/p>\n

We\u2019re excited about the metrics we tracked in 2020, which show a growing acceptance of passwordless among organizations and users:<\/p>\n