The Problem with Passwords: Microsoft’s New Security Feature

Kenton Reynolds, Writer

Microsoft are enabling users to stop using passwords and opt for safer and easier forms of authentication

Passwords cause problems. They are meant to protect accounts but are becoming increasingly easy to compromise, whether through carelessness in a user’s choice of password (“password” is still the most common password in the world) or through a more engineered attack. Social media means we now post our own background checks and history, with constant updates for all to see, and it puts us in contact with anyone in the world. As a result, social engineering – a cyberattack carried out by investigating and manipulating someone to gain their personal information – becomes a much simpler process.

In addition, CPUs become more powerful every few years whilst reducing in size, which means attackers become more capable when they use less personal forms of attack to gain your password. As attackers advance, so must the level of protection, which is why websites keep adding stricter password rules: minimum numbers, multiple cases, minimum characters, minimum symbols and more. This leads to passwords becoming more complicated, convoluted and easy to forget, with the most common format being a memorable word followed by a number and a symbol, for example ‘UXConnections1!’. On the course we are on, we will very soon be using extremely long passwords as we add longer words, more numbers and more symbols (the previous example quickly becomes ‘UXConnections1234!?&’ as we add complexity), which become harder to remember without being that much harder to crack.

One solution to the problem is to create a passphrase rather than a password. Replacing our previous example with ‘DigitalExperienceYourUsersWillLove’ makes a new passphrase that is much easier to remember whilst increasing complexity without the need for lots of symbols and numbers. This is now recommended by the FBI as the best way to create a memorable and complex password. 
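The comparison made in the two paragraphs above can be put into numbers. The following is an added example, not code from the article or from Microsoft: it estimates the guess space of the three sample strings under a naive per-character model and under a structure-aware model. The 7,776-word list size (Diceware-sized), the 32-symbol set and the assumption that every word, digit and symbol is picked at random are assumptions of this sketch.

```python
import math
import re

WORDLIST_SIZE = 7776   # assumption: Diceware-sized word list
SYMBOL_COUNT = 32      # assumption: ASCII punctuation characters

# Split into words (on capital-letter boundaries), single digits, single symbols.
TOKEN = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d|[^A-Za-z\d]")

def tokens(password):
    return TOKEN.findall(password)

def naive_bits(password):
    """Per-character estimate: treats every character as random."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += SYMBOL_COUNT if any(not c.isalnum() for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def structured_bits(password):
    """Structure-aware estimate: a guesser tries words, not letters.

    Still generous: predictable picks such as '1234', or a phrase that is
    publicly known, are worth less than random choices.
    """
    bits = 0.0
    for tok in tokens(password):
        if tok.isdigit():
            bits += math.log2(10)
        elif tok.isascii() and tok.isalpha():
            bits += math.log2(WORDLIST_SIZE)
        else:
            bits += math.log2(SYMBOL_COUNT)
    return bits

# The three examples used in the article.
SAMPLES = [
    "UXConnections1!",
    "UXConnections1234!?&",
    "DigitalExperienceYourUsersWillLove",
]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:36} naive={naive_bits(pw):6.1f} bits  "
              f"structured={structured_bits(pw):5.1f} bits")
```

The naive figure rewards every extra character equally, while the structure-aware figure shows how little a single appended digit and symbol add compared with extra randomly chosen words.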

Logins are changing for Microsoft platforms

Another alternative, the one that Microsoft is opting for, is multi-factor authentication (MFA). This involves logging into one application or website and then using another source (a text, email, phone call or purpose-made app) to confirm your identity. At first this may not seem so secure, as you no longer need a code to get into your account; however, access to your phone is generally very secure, which means that texts, calls and apps are safe. Emails, whilst available on more devices, should also be secure, as email is typically the method used for password resets, which is effectively logging in without a password. MFA protects against anyone logging into your account who does not have access to your other devices or accounts.

You may have already noticed these methods creeping into your technological life over the past few years – especially during lockdown. Many organisations now require employees to use MFA to log in to professional accounts, and many major tech companies (Google, Microsoft, Apple) will request MFA when you log on from a new device for the first time.

Image Courtesy of Microsoft Corporation: Workers and Learners are flocking to online platforms like Teams for remote working

It is no coincidence that this has come to fruition during a pandemic, whilst more people than ever are working from home. More remote working leads to more surfaces, which has two important effects: it has provided a larger capability for MFA whilst simultaneously meaning that everyone is more susceptible to attacks. Microsoft’s long drive towards a password-less platform has had a rocket fuel injection, with a much more immediate need for better security as well as a more engaged audience.

If you wish to switch to MFA, you need to download the Microsoft Authenticator app and link it to your personal account. Then go to your Microsoft account settings online and opt to remove passwords.

Microsoft are showing us the way forward in cybersecurity, and this definitely feels like it could be an entire industry shift. MFA is more secure and easier than passwords, which have been growing considerably more inconvenient over recent years. The next step will be to see if other tech giants follow them.