Passwords are a nightmare to remember — but Microsoft thinks it has a way to do away with them for good.
The American tech giant has announced an alternative way users can sign into their Microsoft accounts, using only an app on their smartphones.
Instead of memorising a long and convoluted password, the user just installs the Microsoft Authenticator app. When they try to log in with their username, a notification is sent to their phone.
All they have to do is tap to approve, and they’ve logged into their account — no password required.
“With phone sign-in, we’re shifting the security burden from your memory to your device,” Microsoft director Alex Simons wrote in a blog post. Your phone does the job of securing your account, in other words, so your brain doesn’t have to.
There are limitations to this approach, of course. You need access to your phone, for a start — so if you lose it, or don’t always have access to it, you’ll need to remember a password as well to ensure you can still get into your account.
So maybe don’t forget them all just yet.
But it’s no surprise Microsoft is doing this. Passwords are a constant pain point in security, because people are absolutely awful at picking them. One analysis of leaked data found that the world’s most popular password is the depressingly easy-to-guess “123456”, followed by “123456789”, then “qwerty”.
These passwords are a security nightmare because they make it relatively easy for hackers to break into victims’ accounts — and the problem is compounded because people re-use the same weak passwords over and over and over again.
If you re-use passwords, it means that if any one of your accounts gets breached, then all of your other ones are also vulnerable. Hackers frequently test stolen passwords against accounts on other services to see if they work — and everyone from Drake to Mark Zuckerberg has been hacked this way.
Experts instead recommend you use a strong, unique password for every account and service — storing them with a password manager app to relieve the strain of trying to remember them. (And with two-factor authentication enabled.) But it’s hard to get the message across to ordinary people (and even password managers aren’t immune to security issues), so it makes sense that companies like Microsoft are looking for alternatives to passwords.
Meanwhile, some companies are looking at far wilder password replacement tech. Everything from heartbeat recognition to lip-reading and edible identity-verifying pills is being experimented with — the aim being to finally kill off passwords for good.