Microsoft exec: 'We continue to see passwords being a big risk' for companies
Microsoft (MSFT) wants to get rid of passwords, with one top executive calling them an “inherent risk” to security.
As part of its annual Ignite conference, the tech giant announced on Tuesday that it will begin allowing business customers that use its Azure Active Directory, Microsoft’s cloud authentication platform, to ditch passwords for biometrics to secure work accounts.
“When there’s passwords there is inherent risk to the organization,” Vasu Jakkal, Microsoft corporate vice president of security, compliance, and identity marketing, told Yahoo Finance.
“We continue to see passwords being a big risk for organizations,” Jakkal said. “And the average email address is associated [with] I think greater than 100 accounts now. That means every time one email address is compromised you're compromising all these accounts.”
Microsoft plans to let business users instead sign into their corporate accounts using facial recognition software like Windows Hello for Business, fingerprint scanners, the Microsoft Authenticator app, or a FIDO 2 (fast identity online) option such as a physical USB key.
Jakkal points out that users need to write down passwords or store them online to remember them, which itself is a security issue. What’s more, attackers can use methods such as password spraying in the hopes of hitting the right combination and breaking into users’ profiles.
Hackers can also exploit users who have a single password on multiple accounts.
'We do hope that passwordless is going to be the norm'
Microsoft isn’t the only organization that offers such passwordless services. Amazon’s (AMZN) AWS, Microsoft’s chief cloud rival, has a similar offering for its Amazon Cognito authentication platform. But Microsoft seems dedicated to getting rid of passwords for all users.
“It's a long journey but we do hope that passwordless is going to be a norm,” Jakkal said. “It is a safer way to do things and so the more we can all embrace that I think the more we can protect ourselves and our organizations.”
In addition to kicking passwords to the curb, Microsoft announced that it will begin offering its security services to customers who use multi-cloud platforms. In other words, if your company has Microsoft Azure as well as Amazon’s AWS or Google’s (GOOG, GOOGL) Cloud Platform (GCP), Microsoft’s security apps will work on its own Azure service, as well as with AWS and GCP.
The idea is to make security more streamlined and less of a hassle that requires IT professionals to manage multiple apps to keep their organizations safe from attackers.
Microsoft has been making security a larger part of its corporate story as of late. In January CEO Satya Nadella told Yahoo Finance that there is a “big crisis right now” in cybersecurity. He spoke to Yahoo Finance the month after a massive hack of government agencies and companies involving the software company SolarWinds.
That incident saw suspected Russian hackers compromise software updates for SolarWinds’ network monitoring tools. That hack allowed the attackers to then break into the systems of major government organizations including the Treasury Department.
Microsoft, which Nadella says made $10 billion on security products in the last 12 months, helped investigators to identify victims and determine the scale of the hack. “I was most proud that we became the first responders for this attack,” Jakkal told Yahoo Finance in January. “We were the defenders that other defenders were turning to."
Sign up for Yahoo Finance Tech newsletter
Got a tip? Email Daniel Howley at [email protected] over via encrypted mail at [email protected], and follow him on Twitter at @DanielHowley.
More from Dan:
Robocallers have gotten out of control — Here's how you can stop them
How to find a PlayStation 5 and Xbox Series X — even with a massive chip shortage
Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, SmartNews, LinkedIn, YouTube, and reddit. Find live stock market quotes and the latest business and finance newsFor tutorials and information on investing and trading stocks, check out Cashay.