Microsoft working to make passwords obsolete

29 Dec 2017

Microsoft wants to make passwords obsolete and the starting point of the initiative is at its headquarters.

The majority of the company's workforce does not use passwords, at least when it comes to logging in to their Windows PCs, according to Bret Arsenault, corporate vice president and chief information security officer at Microsoft. They have been using Windows Hello for Business, which integrates with the Azure Active Directory authentication service.

Arsenault said in a blog post, dated 26 December that all the company's 125,000 employees will "go completely password free."

Windows Hello, a biometric authentication technology ships with Windows 10 and allows users to access their machines and compatible apps using fingerprint readers, facial recognition scanners and even iris scans. According to Microsoft outside the organisation, among Windows 10 users with compatible biometrics hardware, 70 per cent use Windows Hello in place of regular passwords.

However, the company's claims of a faster and enterprise-grade alternative technology to inputting a password, were recently found to be inaccurate.

German cyber-security firm SSyS announced on 18 December that it had tricked Windows Hello to gain access to a Surface Pro PC with a printout. In compatible systems, the technology uses infrared sensors to detect the presence of a live user in front of the camera, however, the company was able to bypass the safeguard with a modified, low-resolution printout of an IR scan.

In another development, Microsoft has filed a lawsuit against an IP address that allegedly attempted to activate a pirated copy of Windows and Office.

According to a GeekWire report the court documents mentioned a particular New Jersey based IP address. The person behind the IP address has allegedly tried to activate over 1,000 copies of the unlicensed Microsoft software.

''During the software activation process, Defendants contacted Microsoft activation servers in Washington over 2,800 times from December 2014 to July 2017, and transmitted detailed information to those servers in order to activate the software,'' claimed Microsoft.