Developers: | Microsoft |
Date of the premiere of the system: | April 2017 |
Last Release Date: | 2020/12/17 |
Technology: | IB - Authentication |
Content |
Main article: Passwords
2021: Microsoft began to refuse passwords when logging in to accounts
September 15, 2021 Microsoft began to refuse passwords when logging in to accounts. Previously, this feature was available only to business customers, and now consumers can use it.
You Outlook OneDrive Microsoft Family Safety can use Microsoft Authenticator, biometric authentications Windows Hello, a security key, or a verification code sent to your phone or email to log in to applications and services such as,,,, or as an alternative to passwords.
To switch to password-free mode, you need to install Microsoft Authenticator and associate it with your Microsoft account, then visit the account.microsoft.com site, log in and find Additional Security. You can enable the Account without password option. Following the on-screen instructions, you only need to approve the notification from Authenticator. At the same time, if the user decides that he still prefers to use the password, he can always be added back to his account.
As noted in Microsoft, weak passwords are the reason for most attacks on corporate and user accounts. Every second there are 579 attacks on passwords - this is 18 billion attacks per year. Passwords are very inconvenient to create and remember. Users often try to simplify their task and come up with an easily memorable password. A survey conducted by the company showed that 15% of people use the names of their pets to create passwords. Other common answers include family names and important dates, such as birthdays. One in 10 people noted that they use passwords again on different sites, and 40% say that they changed passwords to similar ones according to a certain formula, for example, Fall2021, which eventually turns into Winter2021 or Spring2022.[1]
2020: Add Password Manager Preview
Microsoft Password Manager supports Edge, Chrome, iOS, and Android. This became known on December 17, 2020.
The pre-release version of the password manager for December 2020 is built into the free mobile application Microsoft Authenticator, which is used for multifactor authentication. Like many other password managers, the manager has the function of auto-filling passwords.
Passwords are synchronized from the Microsoft Edge browser and can be used on multiple devices using a Microsoft account. Passwords can also be synchronized with Google Chrome using the Microsoft Autofill extension.
Microsoft can add a full-fledged password manager to its Microsoft 365 service, writes The Verge. AutoComplete is useful for owners of Microsoft accounts that use multiple devices.
This feature became available in Microsoft Authenticator on December 16, 2020, and in order to start using it, you need to specify it as the default autofill feature in the settings of the iOS and Android devices.
AutoComplete works only with Microsoft user accounts and is disabled for enterprise users who use the phone authorization or multifactorial authentication application. To enable this feature for enterprise users of Microsoft Authenticator, companies need to join the list of allowed[2].
2017: Announcement
In April 2017, Microsoft released an application that is designed to "destroy the password" as an authorization tool. Authenticator is designed to replace traditional passwords with push notifications.[3]
Security experts say passwords are already too weak and unreliable a way to protect data.
In 2016, the notorious "123456" remained the most popular password in the world. That is, users do not take seriously the need to defend themselves, at least until they themselves are faced with hacking a mail account or bank account, "says Dmitry Gvozdev, general director of Security Monitor. - And on the other hand, memorizing dozens of unique passwords to different resources is at least inconvenient. There are, of course, software password managers that allow you to generate unique character combinations for each individual resource, and the user only has to remember one master password. But not everyone knows about these programs, and those who know are not always ready to use them. |
The idea of Authenticator is to minimize the effort of the user so that he does not have to come up with safe (that is, very complex) passwords himself. When installing Authenticator on a mobile device running iOS or Android, the user receives a push notification, and if he confirms it with the Approve command, authorization is performed.
The application does not require any biometric modules, only the touch of the person who is currently holding the phone. This, however, means that when it is stolen, the thief will also be able to log into all accounts available from the mobile device if the user cannot quickly block the device remotely.
As Alex Simons, program director of Microsoft's identification division, noted, Authenticator is designed for the user market. The business version of the application will follow next fall.
Microsoft is not the first time trying to get rid of a password: the implementation model of Authenticator is similar to Windows Hello, a biometric application for authorization on computers running Windows 10. In order for it to work, hardware biometric modules will be needed, and not all personal computers are equipped with them. Authenticator does not need biometric tools.
Interestingly, Microsoft considers the authentication method using Authenticator as a two-factor one: the first step is the phone itself, and the second is its own protection, such as a PIN or fingerprint. The company recognizes that the definition of two-factor authorization can be interpreted in different ways.
In general, this can only be called two-factor authorization with a stretch, "says Dmitry Gvozdev. In general, the title of "password killer" Authenticator is still quite far away. |