Q&A with Microsoft's security CEO, Vasu Jakkal, about staying passwordless


Microsoft, Apple, and Google have unveiled plans to broaden the use of the FIDO protocol and to provide passwordless login options, including a fingerprint, a face, or a smartphone number, to billions of users.

There has been a great deal of speculation over how the world of passwordless authentication will compare to the era of password-based authentication, with some commentators suggesting that FIDO is contemplating killing passwords entirely.

Removing passwords appeals to security teams because it prevents cybercriminals from collecting passwords and login credentials, and it reduces the risk of data breaches caused by phishing scams, brute-force attacks, and business email compromise.

The following is an edited transcript of the interview.

Jakkal: Most enterprise consumer accounts attack with fuzzy passwords. Microsoft discovered 579 password attacks every second in just one year. This number has increased to 921 per second, totaling 79.3 million attacks per day.

In a survey we conducted last week, nearly one-third of people said they had completely stopped using an account or service rather than dealing with a lost password.

As a result, these systems are insecure and dangerous for both individuals and businesses. We encourage individuals to go passwordless on their Microsoft account and use passwordless login whenever it is possible.

Jakkal: Passwordless authentication services provide customers with a more secure, simple and fast way to authenticate their accounts. Instead of keeping attackers out, weak passwords often provide a way inside. While utilizing simple passwords across several accounts might make our online life easier, it also leaves the door open.

Attackers are often looking for birth dates, vacation spots, pet names, and other personal information they know about them to create easy-to-remember passwords.

Our analysis revealed that 68 percent of people use the same password for different accounts, putting you at greater risk.

Once a password and an email connection have been compromised, it is often sold on the dark web for use in subsequent attacks. As my friend Bret Arsenault, our chief information security officer at Microsoft, likes to say, hackers don't break in, and they log in.

Jakkal: Microsoft recommends passwordless methods, such as Windows Hello and other FIDO credentials, to be phishing resistant. They use cryptography to exchange keys and are bound to the hardware. This reduces the chances of a BEC and phishing threats to nearly nothing.

Here are a few tips on how to phishability by our security researchers: all your certificates are from us! Microsoft Tech Community

Jakkal: As a result of our Microsoft Digital Defense report, password attacks are expected to continue for a long time, but we are always looking at where they might arise.

One area that we have been working on since early in our passwordless journey is the possibility of session token theft. Last fall, we published new detections to help protect against token theft.

A conference called the RSA will feature Microsoft CEO Pam Dingle on this topic.

Windows Hello, FIDO credentials, and Smartcards are incredibly difficult to crack. That said, we strongly advise customers to adopt a zero-trust habit of assume breach, because you can never guarantee 100% security.

The use of passwordless credentials in certain organizations should be aware of in certain areas.

Temporary access passes are one of the solutions we have developed to assist with the initial setup or recovery of an account, ensuring that users can remain safe and passwordless at all stages.

Jakkal: Yes, check out our helpful resources on this blog, including the deployment guide, and a conversation with our CISO and CO on how we implemented passwordless at Microsoft: "Three key resources to help you navigate your passwordless journey" (Microsoft Security Blog). You can also see our latest customer stories here.
