Microsoft has taken another step on the road to a password-free internet. The company announced this Thursday that it will allow consumers to log into their accounts with Microsoft Authenticator (an application), Windows Hello (a system that uses fingerprint, biometric or facial recognition technology to uniquely identify a user) , a security key or a verification code by SMS or email. It is not the first company to do so. The difference with other attempts by other companies is that, in this case, the user who wishes can completely dispense with this authentication system.
"Passwords have been, until now, the necessary evil," says Alfredo Reino, an expert in cybersecurity at Secureworks.
“The sector agrees that the password mechanism has given its service, because it was the only thing that could be done.
But it is already bringing more problems than solutions ”.
The Vatican Library shields itself against cybercriminals
The 200 worst passwords of 2020 (and how to make one safe and easy to remember)
Removing the password for Microsoft accounts is a relatively straightforward process.
As with other services, you have to download the Microsoft Authenticator application on your mobile, and link it to your personal Microsoft account.
Once this is done, visit account.microsoft.com and choose the advanced security options and then enable passwordless accounts in the
Then approve the change from the Authenticator app and passwords at Microsoft will be history.
It is a process similar to that applied by Adobe.
A change that, by the way, is reversible.
Screenshots of the Microsoft Authenticator
Reino is of the opinion that we are indeed approaching a “passwordless internet”. At least from the user's point of view. “We will probably never completely eradicate them. These mechanisms are fine for things that interact with humans, but the internet is not just that, there are many systems in which this type of double or triple factor systems cannot be used (those in which the web sends, for example, an SMS code to confirm identity).
To show that someone is who they say they are, three traditional ways are used, explains Marta Beltrán, coordinator of the Degree in Cybersecurity Engineering at the Rey Juan Carlos University. “Something that only that person knows (like a PIN or password), something that only he or she has, like a key or card; or something that only she
, such as a fingerprint, her iris, her heartbeat, some gesture or a movement pattern. "None of these authentication methods are problem-free," he says.
What's the problem with passwords? "There is nothing that is 100% safe," Kingdom warns. "Against an attacker with resources, knowledge and motivation it does not matter what system you use." Users, in general, tend to have problems memorizing them, unless we use a password manager, which is not usually too easy to use. “This leads us to the majority of users using the same password for all services. For this reason, the preferred procedure for cybercriminals, once they have succeeded in hacking a password, is to try to enter other services using it ”.
Double or triple authentication can be a solution. "From a security point of view, the improvement is in using more than one authentication factor," says Marta Beltrán. It is called MFA (
, that is, computer access control in which a user is granted access if they present two or more proofs that they are who they say they are). "Thus, even if one is compromised, an impersonation does not necessarily occur."
Microsoft, obviously, is not the first company to have introduced these types of systems.
Adobe has its own authentication app to access the Creative Cloud (the company's network of creative programs, such as Photoshop, Illustrator, Premiere or After Effects, among others).
Google, Apple, and others are also working to reduce reliance on passwords.
Google Chrome allows you to log in without a password, and Apple's iOS 15 and macOS Monterey updates include the Passkeys feature since June, an anointing that it plans to extend to iPhone.
You can follow EL PAÍS TECNOLOGÍA on
or sign up here to receive our