Microsoft have announced their intention to do away with passwords on Windows 10. When are they starting? Right now: they’ve already begun to introduce new features that will help you go passwordless. Microsoft aren’t keen on passwords because they believe they can be hard to remember, hacked, or even stolen. With Windows 10 having a user base of 800 million, any security change is going to have huge implications for organisations and individuals worldwide.
No more password expiry
In the May Windows 10 update, Microsoft surprised everyone by dropping the recommendation for passwords to have an expiry date in the baseline security settings. Those baseline security settings are pretty important, as they consist of a whole array of security policies that businesses can apply straight out of the box when rolling out Windows 10. The security settings are extremely popular because they provide a good starting point for organisations in their bid to tighten Windows 10 security. Scientific research has debunked the effectiveness of password expiry, and the United States National Institute of Standards and Technology (NIST) recommended that password expiration be dropped from security policy as far back as 2016. Forcing people to change expired passwords every 60 days often results in users selecting the simplest and most easily remembered passwords. Who hasn’t resorted to the incremental numbering of passwords when faced with a password expiry notification? Those who haven’t are in the minority; it’s simply human nature.
If you can’t beat them, go passwordless
So, what’s the solution if you’re not going to be using passwords? Microsoft claim that a PIN code is a much more secure option. Whilst a four-digit PIN code may appear far less secure, it can be stored on the device and, crucially, is not shared online. Whilst servers can be compromised and passwords hacked, a device-based Windows PIN remains unaffected. You can see the logic.
With the latest Windows 10 update you can even initiate a Windows 10 login with a phone number and a Microsoft Account. Simply create a Microsoft Account using a phone number instead of a username. This will cause a confirmation code to be sent to your mobile phone to prompt a login. Once you’re logged in, you have the option of using Windows Hello facial recognition or a PIN code for passwordless login.
The future is passwordless; you just need to avoid using 1, 2, 3, 4.