Wednesday, August 16, 2017

How does the Microsoft Authenticator application affect password use?

Protecting passwords has always been a thorn in the side of security practitioners looking to secure their organizations. The call to kill passwords has been out there for years and, recently, Microsoft took a stab at it by limiting password use with new phone-based sign in available on the Microsoft Authenticator app.

As the iconic comic XKCD says, "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess." Truer words have never been spoken.

With similar concerns today, National Standards and Technology (NIST) came out with new guidance that included making passwords longer, not necessarily as complex and rotating them only as needed to reduce the risk of forgotten and poorly created passwords. With these changes, people have moved toward two-factor authentication, configured on as many accounts as possible, to increase the security of passwords with a second factor, and it's here that Microsoft improves the idea of using a second device for authentication even more.

By downloading the app for either iOS or Android, users logging into Microsoft applications are able to sync their mobile device as a way to authenticate the login request to the particular application. By selecting the type of account being used for logon, the mobile app can be configured to receive a validation each time a user logs into a program that's been configured to use Microsoft Authenticator. Read the rest of my article at the link below:

No comments:

Post a Comment