No matter how many times people are warned, the most popular passwords are still terrible. They make it easy for hackers to steal identities and are the main source of data loss. It’s one of the reasons why Microsoft has called for the password to be killed off.
The Redmond firm says passwords are a relic from the early days of computing that have outlived their usefulness. And that having to change them regularly to another hard-to-remember string of text isn’t the best or most secure solution.
Bret Arsenault, corporate vice president and chief information security officer at Microsoft, said: “For several decades, the industry has focused on securing devices. That model needs a makeover. Securing devices is important, but it’s not enough. We should also be focused on securing individuals. We can enhance your experience and security by letting you become the password.”
One of Microsoft’s answers to what it sees as the password problem is Windows Hello, which verifies users’ identities using facial, fingerprint, and even iris scanning. The company says it's used by most of its employees, and that 70 percent of Windows 10 owners with Biometric-enabled devices choose Windows Hello over regular passwords.
Microsoft is also on FIDO’s board of directors. The Fast Identity Online Alliance works with industry leaders including Intel and Google to develop specifications and certifications for password-replacing technology like USB tokens, biometrics, and mobile-based solutions.
But Windows Hello isn’t infallible, at least on older versions of the OS. Last week, German security firm SYSS discovered they could trick its facial recognition tech using a printed headshot, though it only works on Windows 10 systems that haven’t yet received the Fall Creators Update.
The other big company pushing the virtues of biometric authentication is, of course, Apple. Despite several examples of its Face ID system being tricked by photos and users' relatives, the system is still expected to arrive in the company’s other devices next year.