Expert comment on Microsoft’s passwordless news
September 2021 by Thomas “TJ” Jermoluk, CEO and Co-founder of Beyond Identity
Following Microsoft’s news that a passwordless future is on the horizon, Thomas “TJ” Jermoluk, CEO and Co-founder of Beyond Identity comments the following:
“Any announcement that signals a move toward at least trying to take passwords out of circulation is a welcome move in the right direction. However, unless you completely eradicate the password as opposed to just using it less in the authentication process, sizeable risk still exists. There seem to be some devils in Microsoft’s details. When they announced passwordless in March, they didn’t actually let people remove the password, they just let them not use it. In fact, the user is still able to switch back and forth based on user preference. Not surprisingly, it’s also Microsoft account specific (hotmail.com and outlook.com domains) as it requires “the Microsoft Authenticator app installed and linked to your personal Microsoft account.” So, this can confuse users into thinking they are ‘passwordless’ when they are not.”