Microsoft Wants You to Go Passwordless, but Should You? GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security

Microsoft Wants You to Go Passwordless, but Should You?

Fingerprints are the key

By Sascha Brodsky Sascha Brodsky Senior Tech Reporter Macalester College Columbia University Sascha Brodsky is a freelance journalist based in New York City. His writing has appeared in The Atlantic, the Guardian, the Los Angeles Times and many other publications. lifewire's editorial guidelines Updated on December 22, 2020 10:01AM EST Fact checked by Rich Scherr Fact checked by Rich Scherr University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming

Key Takeaways

Next year, more people should delete their passwords and start using biometric logins like fingerprint scanners, Microsoft said recently. Microsoft is promoting Windows Hello, a biometrics scanning tool that lets you log in to Windows 10 with your fingerprint. Cybercrime costs the global economy $2.9 million every minute, with roughly 80% of those attacks directed at passwords. Chaiyawat Sripimonwan / Getty Images Get rid of your passwords and start using biometric authentication like fingerprints and face scans, Microsoft says. Not so fast, some security experts retort. Next year, passwordless logins should be the standard, Microsoft said recently on its security blog. The company is touting Windows Hello, a biometrics scanning tool that lets you log into Windows 10 with your fingerprint. But some observers say that you should hesitate before greeting Hello with open arms. "The use of biometrics as described in Microsoft's plans are promising, but we should all exercise caution with new versions and implementations of biometric authentication, as we learned when researchers demonstrated that early iterations of Apple's FaceID could be fooled," Phil Leslie, the co-founder of cybersecurity firm Havoc Shield, said in an email interview. "Would I trust Microsoft's biometric approach with passwords to a free web app without any payment information in it? Probably. Would I use it for my bank account at this moment? Not yet."

Let Your Fingers Do the Talking

Instead of passwords, Microsoft says it thinks users would be better served by using biometric security devices such as those that scan fingerprints or the shape of your face. Microsoft’s own Windows Hello software offers this option. The number of consumers using Windows Hello to sign into Windows 10 devices instead of a password grew to 84.7% in 2020, up from from 69.4% in 2019, according to the Microsoft security blog post. Yuichiro Chino / Getty Images To drive home the message that going passwordless is better, Alex Simons, corporate vice president of Microsoft identity program management, points out in the blog post that cybercrime costs the global economy $2.9 million every minute, with roughly 80% of those attacks directed at passwords. "Passwords are a hassle to use, and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month," he added.

Convenient but Not More Secure

But users should keep in mind that while passwordless solutions like Microsoft Hello may be more convenient, they don’t increase security. "At the end of the day, a password is still required to protect the accounts," Craig Lurey, co-founder and CTO of password management provider Keeper Security, said in an email interview. "Cybercriminals know this, and they can still access the device or app by skipping the biometric authenticator and testing weak or re-used passwords. They also target account recovery, which uses passwords and security questions." Would I trust Microsoft's biometric approach with passwords to a free web app without any payment information in it? Probably. Would I use it for my bank account at this moment? Not yet. Mobile devices, particularly smartphones, are frequently the authentication device used as part of passwordless infrastructure. Users need to make sure the device is free of malware before they allow access, Hank Schless, senior manager of security solutions at cybersecurity firm Lookout, said in an email interview. "A compromised mobile device could allow an attacker access to your infrastructure if they’re able to take advantage of the device being used as a form of authentication," he added. There are alternatives to Microsoft's Hello if you are looking to do away with passwords. One solution is the app Nuggets, which uses a one-time onboarding process. By scanning a government-issued ID (like a passport or driving license) and completing another check, consumers can simply access any site or app with their biometrics. There’s no need for a username or password—at any level. And no passing of personal data of any kind at login. Even if passwordless is widely implemented, it’s not the silver bullet to solve all user login security issues, Schless said. "Mobile phishing will still be an issue," he added. "Even if it’s less focused on credential harvesting, you still need to secure your employees from phishing links that deliver malware to the device." Passwords may be a hassle, but they are tried and trusted technology. Microsoft’s proposed biometric solutions may not be for everyone. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Why Incognito Mode May Not Be Private and What You Can Do About It What Is Windows Hello? How to Set Up and Use Touch ID, the iPhone Fingerprint Scanner What Are Biometrics? The 10 Best Password Managers of 2022 How to Set Up and Use Microsoft 365 MFA Your Guide to User Account Settings in Windows 11 How to Unlock a Tablet How to Lock the Microsoft Surface Laptop 4 How to Show Passwords in Chrome How to Use Touch ID on iMac How to Share Wi-Fi Network Passwords in Windows 10 How to Remove Your PIN From Windows 10 How to Lock Apps on Android How to Create a Strong Password How to Set or Change Your iPad Passcode and Fingerprint Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies