Microsoft (MSFT) wants to get rid of passwords, which a top executive calls an “inherent risk” to security.
As part of its annual Ignite conference, the tech giant announced Tuesday that it will allow enterprise customers using Azure Active Directory, Microsoft’s cloud authentication platform, to replace passwords with biometrics to secure work accounts.
“If there are passwords, there is an inherent risk to the organization,” Vasu Jakkal, Microsoft corporate vice president of security, compliance, and identity marketing, told Yahoo Finance.
“We continue to see passwords as a major risk to organizations,” Jakkal said. “And the average email address is associated [with] I think more than 100 accounts now. That means that every time one email address is compromised, you put all these accounts at risk.”
Microsoft wants business users to instead log into their corporate accounts with facial recognition software such as Windows Hello for Business, fingerprint scanners, the Microsoft Authenticator app, or a FIDO2 (Fast Identity Online) option such as a physical USB key.
Jakkal points out that users have to write down passwords or store them online to remember them, which in itself is a security concern. In addition, attackers can use methods such as password spraying in hopes of finding the right combination and breaking into users’ profiles.
Microsoft has recently made security a bigger part of its corporate narrative. In January, CEO Satya Nadella told Yahoo Finance that there is currently a “major crisis” in cybersecurity. He spoke to Yahoo Finance in the month following a massive hack of government agencies and companies involving the software company SolarWinds.
In that incident, software updates for SolarWinds’ network monitoring tools were compromised by suspected Russian hackers. That hack then allowed the attackers to break into the systems of major government organizations, including the Treasury Department.
Microsoft, which Nadella said made $10 billion in security products over the past 12 months, helped investigators identify victims and determine the extent of the hack. “I was most proud that we became the first responders to this attack,” Jakkal told Yahoo Finance in January. “We were the defenders that other defenders turned to.”
Microsoft official: ‘We continue to see passwords as a major risk’ for businesses