OOOONE-HUUUUNDRED-AND-EIIIIIGHTEE! A number to be celebrated when a darts player throws three perfect darts. As a complete coincidence, it is also the number of passwords that are saved in my browser. When I sat down to write this article, I checked in my browser to see how many passwords were saved. I was expecting a big number but 180 shocked even me.
The problem is that cybersecurity experts tell us to have a different password for every login and make sure that password is at least ten characters long with upper and lower case and numbers and special characters and change it every thirty days and…arrghhhh! It is all too hard. It is little wonder that, despite 579 password attacks every second across the world, ‘123456’ and ‘qwerty’ and ‘password’ keep topping the list of common passwords. In a recent survey, twenty per cent of people said they would rather perform an embarrassing ‘reply all’ e-mail than reset a password! Hackers often don’t break in to your account – they just log in.
What is the solution? Usage of security fobs and biometric scans are increasing but what if we just remove the password altogether? Have I gone crazy? Well it isn’t so much me going crazy as Microsoft fixing an unfixable problem by giving up on traditional advice and coming at the problem from a different angle. For years advice on password strategy has fallen on deaf ears so Microsoft has thrown its hands in the air and said “get rid of the password!” Remove the password from Outlook and OneDrive and even Windows itself.
Before you are convinced that Bill Gates has used vaccine injected 5G mind control to influence employees at the company he founded, let me explain.
To go passwordless, you need to download and install the Microsoft Authenticator app and link that to your Microsoft account. Then turn on ‘passwordless account’. When you attempt to login to your account, you will receive a code on your app. Type in that code and you are in! If you don’t like the idea of the app, you can use your phone or a secondary e-mail account or biometric options can be used such as face, iris or fingerprint. Don’t mistake this for two-factor authentication. There are some companies that require a password AND a second factor of authentication such as a text message. Microsoft’s version does not require the password. It relies entirely on the code. There is no password failsafe with this system because…there is no password! Now I am sure the clever people at Microsoft have thought of a few little issues that spring immediately to my mind. If your phone is lost or stolen, at best it means that you may lose access to your services but it may mean that someone else has easy access to all of your information. The other assumption from Microsoft is that we all have ubiquitous connections. For the many people who live in regional Australia, they will tell you that isn’t the case. Before Wi-Fi texting was available, I heard many stories of farmers using their bank online with a satellite Internet connection. To logon, the bank would send a text message but the farmer may have to run fifty metres up their driveway to find the spot that has phone reception to receive their text before running back to the house and entering it within the time constraints. Not always pleasant late at night in winter.
Tell me if you would rather continue with your puzzle of passwords or are brave enough to go passswordless at ask@techtalk.digital
Mathew Dickerson