Microsoft is trying to kill passwords in Azure AD applications

Microsoft is quietly trying to eliminate passwords. The company has announced that users of Windows 10 and Office 365 can now log in to Azure AD applications using the Microsoft Authenticator application.

Which applications are using Authenticator?

At present, Windows 10 and Azure AD users log into their Microsoft accounts by entering an email address and password combination.

Once the user has logged into the account, all future logins will appear as a notification that pops up on the mobile device, asking the user to approve it. Microsoft has finally decided to make the Authenticator the primary login method for users.

Google has also been trying to make the same move. The new Microsoft Authentication is helpful in:

  1. Preventing phishing attacks, since the account doesn’t depend on passwords.
  2. Faster logins, since login codes no longer have to be sent by text message from the company’s server.

There may be cases where the user loses their phone; if the smartphone isn’t secured, that would be a problem for the new authentication system.

How does the App Work?

The app asks for the user’s Face ID or Touch ID in order to generate the authentication code; on Android it’s a simple 4-digit PIN. To turn on the Authenticator application, one must secure their smartphone first. An alternative is to keep a physical token such as a YubiKey, which adds support for the emerging FIDO2/WebAuthn standard. WebAuthn is not limited to Microsoft and can be used on a number of websites.
