RALEIGH – Microsoft Security Architect David Branscome told NC TECH Conference attendees on Thursday that he hasn’t used a password at Microsoft in over a year and a half.
“When I log in, it’s either my face, or my finger, or whatever, but it’s not my password,” said Branscome. “I don’t even remember what my password is. That is a beautiful thing.”
On stage during a Cloud & Cybersecurity panel, he spoke about a passwordless future, referencing last week’s announcement that Microsoft, Google and Apple will support FIDO, a passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.
“The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms,” the FIDO Alliance in a statement.
“So you can do FIDO authentication, using your smartphone, to authenticate to your laptop,” said Branscome. “That’s huge, right?”
The FIDO Alliance is supported by over 250 companies—not all tech companies—and is the organization behind the passwordless specification, which leverages mobile devices or physical security keys as authenticators (rather than passwords) to log into accounts
“Once we get away from this encumbrance of having to use a password, we can do a lot more,” said Branscome.
Why Passwordless? Because of Security
“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online,” said Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency, in a statement about big tech’s support of the FIDO standard.
According to Verizon’s 2020 Data Breach Investigation Report, up to 81% of data breaches are caused by weak passwords or reused passwords.
“By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords,” said Alex Simons, Corporate Vice President, Identity Program Management at Microsoft, in the statement. “We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”
As big tech makes cloud computing headlines, NC TECH group asks: ‘What’s next?’