Microsoft waves goodbye to passwords
No password, no problem!
With the introduction of their new phone sign-in option, Microsoft has found a creative way around having to enter a password to access your Microsoft account. By using the Microsoft Authenticator app (currently available for iOS and Android), users can authenticate their accounts on their smartphone instead.
The app has been available for a while as a part of their standard two-factor verification, but now users can bypass the first step of that (the password) in favor of a more direct form of approval.
While it doesn't fit within the framework of what we've grown to know as two-factor verification, Microsoft still consider this two factors since the user would need access to the phone AND a means to unlock the phone (password, PIN, fingerprint).
How it works
To enable phone sign-in on your device, simply install the Microsoft Authenticator app, tap the account tile, and enable phone sign in. The app will auto configure the account from there (prompting you for additional info on Android).
Now, whenever you sign into your account you'll just need to enter your username and a notification will be sent to your phone for you to approve. It's that simple.
Yes but is it safe?
Passwords are only one of many means of safeguarding your information from others. Verifying from your phone eliminates the possibility of someone phishing your password or otherwise hacking their way into your account remotely. Since the feature requires your phone be locked with a password, PIN, or fingerprint anyway, even losing your phone keeps your account safe.
To be fair, some concerns have been raised recently over the level of security that fingerprint scanners actually provide. According to a study by New York University and Michigan State University published in IEEE Transactions on Information Forensics and Security in April 2017, smartphone fingerprint scanners only store partial prints, and when a partial print is matched, the device unlocks. This means that, while no two fingerprints are alike, there is a chance that a partial print could match and bypass your phone's security. There is even a way that a "master print" can be made which will contain very small partial matches for up to 65% of fingerprints. That's not to say that it's easy to unlock via this method, but it is possible.
For more on that study, head to NYU's recap.
Why no Windows 10 mobile support?
At the time of this blog post, Windows 10 mobile is not supported, only Android and iOS. Microsoft has said that if it is successful enough on those platforms, they will evaluate whether it's worth developing for Windows 10 mobile as well. Even though W10M is their own proprietary mobile OS, the current market share of less than 1% means they're probably in no rush to support the platform, ironic as that may seem.
What do you think about Microsoft's bold new move? Is it really the next step for account authentication or will too many users prefer the old method of actually entering a password? Let us know in the comments.
Sean McMillan is Arienne Associates' marketer, blogger, and all-around good guy.