By akademiotoelektronik, 12/11/2022

Why is eliminating passwords a step forward for security?

Microsoft has just released a tool that allows access to an Outlook account without a password. Contrary to what one might think, this method is more secure than our old "azerty" or "worddapasse123".

You will soon be able to do without your password to connect to your Outlook mailbox or your OneDrive storage space. On September 15, 2021, Microsoft announced the rollout of a passwordless sign-in solution.

The dangers that passwords pose to computer security are widely documented. They are often too simple, reused across several services and easy to guess. As a result, hackers have no trouble getting into accounts that do not belong to them.

No password: why is it more secure?

To counter this phenomenon, which is as old as the Internet, Microsoft wants to put passwords behind us and offer new ways to sign in.

Naturally, the company offers biometric authentication via Windows Hello (facial recognition or fingerprint reader), but it is also possible to use the Microsoft Authenticator application, a U2F security key, or even a verification code received by SMS.


To replace your password, Microsoft lets you use your phone // Source: Microsoft

It may seem counter-intuitive, but getting rid of your passwords is actually one of the best things you can do to secure your web accounts. By relying on an external authentication factor rather than a password, you no longer give malicious Internet users the chance to guess your password or to extract it through phishing campaigns.

Only a sign-in approval from your phone or from a secondary email address allows you to identify yourself. This gives you more control. The probability that a hacker also has access to your phone is not zero, but it is low. That is why two-factor authentication is so widely recommended today.

To summarize, by eliminating the password, Microsoft eliminates the human factor (and all its weaknesses) from the identification logic.

A philosophy that has its limits

"Weak passwords are the entry point for the majority of attacks on business accounts and personal accounts," said Vasu Jakkal, a security official at Microsoft. Microsoft is not the only one that wants to get rid of passwords. At WWDC 2021, Apple presented its Passkeys system, which lets users identify themselves with biometric data rather than a password.

The question that arises is: what if my phone is stolen? According to Microsoft's FAQ, if you can no longer identify yourself with the Authenticator app, you can always use a secondary email address to do so, or an SMS code if you still have access to your phone number.

Unfortunately, this philosophy also has its limits. If your recovery email address is itself protected by a password, then the exercise is of little benefit. In addition, some devices were designed around password authentication. Microsoft states it in black and white: its Xbox 360 does not support passwordless authentication.

We can salute Microsoft's effort to secure at least the access to its own services. However, as long as web players do not all coordinate to offer alternatives to passwords, there will always be a risk.
