In this series, Microsoft identity team members share their reasons for loving passwordless authentication (and why you should too!). Today, Alex Weinert continues this series.
In previous blogs in this series, we shared how passwords lead to breaches, lost productivity and support calls. I also shared how biometrics local to each device provide a secure and convenient way to authenticate with a simple gesture from the user.
Your identity companion, the Microsoft Authenticator app, is a great example. It allows you to sign in to your Microsoft identities (personal, work or school) by responding to a notification with a quick scan of your face, swipe of your finger or entry of your phone passcode. By combining your device and the biometric, it is not just simpler than a password, but inherently multifactor.
Most of us keep our mobile phone within easy reach, no matter what we’re doing. Using Authenticator on your mobile phone, you can easily approve sign-ins on any device and into any app. There is no password to type, SMS code to round-trip, or robocall to answer! Moreover, security measures such as matching a number at the time of approving a sign-in help prevent accidental approval, and the app can provide context and security notifications much richer than anything possible in text messages.
Figure 1: Number matching experience
If you have a smart watch, you don’t even have to take your phone out of your pocket while logging in to your Microsoft account. (Every time I approve on my watch I feel like I am an extra in a cool sci-fi series – when my kid saw me do it, he finally thought Authentication was cool!)
For enterprises, when most of your workforce is remote, Microsoft Authenticator can be one of the easiest and fastest mechanisms to roll out. It is also the most cost-effective. Users can download the app on their phones and set up an account in seconds. There is no additional hardware to carry and you can approve sign-ins on any device in the world. Passwordless authentication with Microsoft Authenticator also meets NIST 800-63 Authentication Assurance Level 2.
For end users, the authentication experience matters the most. Microsoft Authenticator is one of the most highly rated authenticator apps in the world. As of February 2021, it tops its peers with a rating of 4.8 stars on the Apple App Store and 4.7 stars on the Google Play Store. Authenticator gives users great security with convenience, and we are constantly adding new capabilities to it.
In summary, Microsoft Authenticator may be the easiest and most affordable way to go passwordless for you and your users. There is no additional hardware to carry, no passwords to remember or type, no SMS codes to copy and no phone calls to answer while signing in. You tap a notification, provide your biometrics and you are logged into any device you want. All this with secure multifactor authentication.
Stay tuned for more in the series! We’ll share how passwordless credentials can protect you from top attacks and we’ll dive into setup and recovery of passwordless credentials.
Authenticator App is great! Unfortunately, some users refuse to install such an app on their personal mobile phone.
Any tips to convince them?
It depends on their reasons:
1. They just don’t want anything from work on their personal mobile phone
2. They fear being monitored by their employer
3. They fear leaking some personal info to Microsoft

For 2. and 3., you can explain to them that no personal information is shared with Microsoft. Authenticator does not need any sort of employer management of the phone (not like possibly some M365 apps), etc.
Some great info – following this series of posts.
Can I just check: is passwordless with Azure AD now generally available and fully supported? If not, any ideas when it will be? It is difficult to progress with a production deployment without that support – particularly for something as important as authentication.
© Microsoft. This article was originally published by Microsoft Azure Active Directory Identity Blog.