09/16/2021 1:12 PM
Clarín.com
Technology
Updated 09/16/2021 1:12 PM
Microsoft is further distancing users from
passwords
, that system we have so that, basically, our personal information is not stolen.
The company is implementing
a login system that completely eliminates passwords.
The tech giant has been waging a war against
password-based
“traditional authentication”
for some time.
This is because passwords are a prime target for cyberattacks, as
weak or reused passwords can be guessed
or tampered with through automated attacks.
Microsoft's hypothesis: passwords are not as secure as a system to access our services.
So as it prepares to launch Windows 11 in a few weeks, Microsoft is rolling out its passwordless sign-in option, previously only available to business customers, across all Microsoft accounts.
This means that users will be able to sign in to services, such as
Outlook and OneDrive
, without having to use a password.
How does the system work?
Outlook, Microsoft's email service.
“Users of a Microsoft account will have the possibility to say goodbye to their passwords, through applications such as Microsoft Authenticator or Windows Hello, which is already available in the Microsoft Store.
Microsoft Authenticator and Windows Hello offer a more personal way to log in through facial recognition,
fingerprint or a PIN
, ”the company explained in a statement.
Once the application is downloaded, each time users want to enter an account, a security key or verification code will be sent to a phone or email,
which can be used to log into the different
Microsoft
applications
and services. , such as Outlook, OneDrive, Microsoft Family Safety, among others.
This is a feature that will be distributed in the coming weeks.
However, some Microsoft applications will still require a password, such as
Office 2010 or earlier versions, Remote Desktop, and Xbox 360
.
Similarly, those using versions of Windows that are now not supported will also not be able to ditch their passwords for the time being, as the feature will only be supported on Windows 10 and Windows 11.
Microsoft says passwordless sign-in will roll out to consumer accounts for the next several weeks, so the option to remove our passwords may not yet be there.
Microsoft's stance on passwords
Hard to remember, safe;
easy to remember, insecure.
Photo: Shutterstock
"
Hackers don't break in, they log in,
" says Bret Arsenault, Microsoft's Director of Information Security.
In other words, weak passwords are the gateway for most attacks targeting company and user accounts.
According to the company, passwords are vulnerable for various reasons:
Requirements for creating passwords: With the exception of self-generated passwords, which are practically impossible to remember, each user usually creates their own passwords. However, due to their vulnerability,
the requirements to create them have become increasingly complex in recent years,
as they must include multiple symbols, numbers, uppercase and lowercase letters, as well as not matching previous passwords. Therefore, one of the most frequent drawbacks has to do with creating passwords that are secure enough and easy to remember for all the accounts you have.
· The platitudes: To solve this problem and create passwords that can be remembered, people use all kinds of aids, from familiar words and phrases to personal names. One of the recent Microsoft surveys found that
15% of people use their pet's names
to create passwords. Other common responses were the names of your family members and important dates, such as birthdays. Also, one in 10 people admitted that they use the same password for all their accounts and applications and 40% said that they use familiar formulas, such as, for example, Fall2021 or Spring2022.
The Hacker's Skill: While these types of passwords are easier to remember, they are also easier for hackers to guess.
Just by looking
at the person's
social networks
, you can find clues and enter a personal account.
Sophisticated tools and techniques: Hackers also have increasingly sophisticated tools and techniques.
For example, many of them use password spraying, an automated process that consists of quickly testing the same commonly used password on multiple user accounts.
They can also use what is called phishing, a deception technique to get people to enter their information on a fake website.
As an alternative, many specialists recommend using a password manager.
SL
Look also
Attacks on Potential Cryptocurrency Investors and Miners Grow
There are more and more cyber attacks on kids who play video games: how to prevent yourself