This post was the result of an article I read dated February 8, 2018 by Lee Mathews at Forbes.com titled, “Microsoft Ditches Passwords In New Version Of Windows 10”.
Passwords are a hassle for everyone; for the user and for the company who must securely maintain them in their databases. No one cares if a single person loses their password due to poor security on their own PC or is scammed/phished into surrendering their password – we think ‘shame on them’ for not keeping their machine up to date. But if a company loses it for the same reasons – it is a company-value-crushing event. At least until we hear about the next large data breach.
Passwords are such a nuisance to create and remember. Different companies have different rules for generating ‘strong’ passwords. It’s like a game, each time you satisfy their special characters, length, repetition and capitalization requirements your green progress bar grows fuller – you feel like you’re winning the computer security game and creating a secure password at the same time. You smugly think to yourself, “Take that you hackers”. Study computer security for longer than five minutes and you quickly learn it’s a false sense of security. Trying to remember them isn’t a trivial task either – especially if you need to remember numerous passwords created using different generation rules for each site you need to log into. I actually wouldn’t be able to remember a single computer-generated password of 16 characters; can you remember ‘wzdHgV5D}X!Eme.9’? (Thank-you passwordsgenerator.net, but I’ll pass)
You’re not supposed to write passwords down. Not even at home where they should be most safe. I use a secure app to store mine, but if I lose my phone, I’ll spend half a day resetting all my passwords after buying a new expensive phone. Of course, trying to use the silly validation questions because I need to reset the password for a specific site is arguably a futile practice; I can remember a pet’s name – but which one did I use? What was my favorite vacation destination? Chain a few of these useless queries together and I start to laugh. So 90’s…
Passwords need to become a thing of the past.
Saying goodbye to passwords would be fantastic – though I don’t expect it to happen anytime soon. What we’re talking about in the article is simplifying the login process on a single account or computer. We’re still some distance from using a coordinated cloud with a single AAAS provider to access all of your apps in one place. That implies the concept of Authentication As-A-Service. Big companies are starting to do it – Amazon AWS and now Microsoft, but only for their own accounts. It’s exciting to watch – it’s my opinion that Authentication will eventually be a single point process in the cloud which will provide all my apps and services.
To illustrate: to log into my AWS console I simply enter an email address and use Google’s Authenticator app that generates numeric codes linked to my specific AWS account. I have 25 seconds to enter the correct code before it generates a new 6-digit code. I appreciate the simplicity. If Amazon (or Microsoft) were to become the single repository of all the apps I use and offer a single login, I would declare such a service to be “brilliant!”.
According to Lee Mathews, who penned the article that got my attention, “In the new version, you simply tap a notification on your phone to authorize your account.
That app is the Microsoft Authenticator, and it, too, has been in app stores for quite a while. While you can use it to sign yourself in to a number of Microsoft’s services, you couldn’t use it to authenticate yourself on a Windows computer.
That’s changed with the arrival of Windows 10 Build 17093, which Windows Insiders are testing now. Install Microsoft Authenticator on your phone and sign in with your Microsoft account. Sign in with the same account on your computer. When Microsoft sees that you’re trying to sign in, it will send an alert to your phone and ask you to approve the request.”
Of course, there are also biometric ways to log into accounts which financial services seem to prefer right now. I appreciate those too. The key take-away is that it’s nice to take a step in the right direction, but the reality is I’m still faced with the same basic problem: redundant layers of Authentication for each computer, app or service I use. There will be a better way in the future…after large companies finally realize that a coordinated single platform for Authentication will be more secure and convenient for everyone.