Microsoft (MSFT) wants to get rid of passwords, with one top executive calling them an “inherent risk” to security.
As part of its annual Ignite conference, the tech giant announced on Tuesday that it will begin allowing business customers that use its Azure Active Directory, Microsoft’s cloud authentication platform, to ditch passwords for biometrics to secure work accounts.
“When there’s passwords there is inherent risk to the organization,” Vasu Jakkal, Microsoft corporate vice president of security, compliance, and identity marketing, told Yahoo Finance.
“We continue to see passwords being a big risk for organizations,” Jakkal said. “And the average email address is associated [with] I think greater than 100 accounts now. That means every time one email address is compromised you’re compromising all these accounts.”
Microsoft plans to let business users instead sign into their corporate accounts using facial recognition software like Windows Hello for Business, fingerprint scanners, the Microsoft Authenticator app, or a FIDO 2 (fast identity online) option such as a physical USB key.
Jakkal points out that users need to write down passwords or store them online to remember them, which itself is a security issue. What’s more, attackers can use methods such as password spraying in the hopes of hitting the right combination and breaking into users’ profiles.
Hackers can also exploit users who have a single password on multiple accounts.
‘We do hope that passwordless is going to be the norm’
Microsoft isn’t the only organization that offers such passwordless services. Amazon’s (AMZN) AWS, Microsoft’s chief cloud rival, has a similar offering for its Amazon Cognito authentication platform. But Microsoft seems dedicated to getting rid of passwords for all users.
“It’s a long journey but we do hope that passwordless is going to be a norm,” Jakkal said. “It is a safer way to do things and so the more we can all embrace that I think the more we can protect ourselves and our organizations.”
In addition to kicking passwords to the curb, Microsoft announced that it will begin offering its security services to customers who use multi-cloud platforms. In other words, if your company has Microsoft Azure as well as Amazon’s AWS or Google’s (GOOG, GOOGL) Cloud Platform (GCP), Microsoft’s security apps will work on its own Azure service, as well as with AWS and GCP.
The idea is to make security more streamlined and less of a hassle that requires IT professionals to manage multiple apps to keep their organizations safe from attackers.
Microsoft has been making security a larger part of its corporate story as of late. In January CEO Satya Nadella told Yahoo Finance that there is a “big crisis right now” in cybersecurity. He spoke to Yahoo Finance the month after a massive hack of government agencies and companies involving the software company SolarWinds.
That incident saw suspected Russian hackers compromise software updates for SolarWinds’ network monitoring tools. That hack allowed the attackers to then break into the systems of major government organizations including the Treasury Department.
Microsoft, which Nadella says made $10 billion on security products in the last 12 months, helped investigators to identify victims and determine the scale of the hack. “I was most proud that we became the first responders for this attack,” Jakkal told Yahoo Finance in January. “We were the defenders that other defenders were turning to.”
Got a tip? Email Daniel Howley at email@example.com over via encrypted mail at firstname.lastname@example.org, and follow him on Twitter at @DanielHowley.
More from Dan:
Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, SmartNews, LinkedIn, YouTube, and reddit. Find live stock market quotes and the latest business and finance newsFor tutorials and information on investing and trading stocks, check out Cashay.