Hacker News: Microsoft Confirms Password Deletion for 1B Users

Source URL: https://www.forbes.com/sites/zakdoffman/2024/12/13/microsoft-confirms-password-deletion-for-1-billion-users-attacks-up-200/
Source: Hacker News

Summary: Microsoft is pushing for the adoption of passkeys as a secure alternative to passwords, citing a rise in password-related attacks. The company highlights the strong security benefits of passkeys, which are resistant to phishing attacks and improve user experience. The transition to a passwordless future aims to enhance security for over a billion users while tackling the challenge of changing established behaviors.

Detailed Description:
Microsoft has announced significant changes in the way users will authenticate themselves, aiming to phase out passwords in favor of passkeys. The rationale behind this shift includes alarming statistics on the increasing rate of password-related attacks, such as:

– Microsoft is blocking approximately 7,000 password attacks every second, nearly double the rate of the previous year.
– Adversary-in-the-middle phishing attacks have surged by 146% year over year.

To counter these threats, Microsoft emphasizes the superior security provided by passkeys, as they offer:

– Enhanced user experience: Users can log in faster using biometric methods like face or fingerprint recognition, or through a PIN.
– Reduced susceptibility to common attacks: Unlike passwords, passkeys are designed to be resistant to phishing and other forms of manipulation.
– Elimination of forgotten passwords and one-time codes that complicate user access.

The trend toward adopting passkeys has been notable, with the FIDO Alliance reporting a 50% rise in passkey awareness from 2022 to 2024. Microsoft is focusing on overcoming the final challenge of convincing the last group of users resistant to changing their long-standing login habits.

Key points from Microsoft’s transition strategy include:

– A streamlined sign-in process: Signing in with passkeys is reported as three times faster than using traditional passwords and eight times faster than using both passwords and multi-factor authentication (MFA).
– High completion rates: 99% of users who begin the passkey registration process finish it.
– A three-step adoption approach: This involves starting with small, manageable steps, experimenting with various strategies, and then scaling up efforts to encourage widespread adoption.

Microsoft acknowledges that even once users switch to passkeys, accounts remain at risk if both a passkey and a password are active, because the password is still a phishable way into the account. The ultimate aim is to eliminate passwords entirely and ensure that accounts rely solely on phishing-resistant credentials linked to the user’s physical hardware.

Key Takeaway: The shift towards passkeys heralds a new era in user authentication, focusing on enhanced security methods that align with biometric technology, while also actively addressing the cybersecurity challenges posed by password reliance.

This move has significant implications for security professionals, as adopting passkey technology could reduce the risk of unauthorized access, facilitating better compliance with security regulations and standards.