• While the evolution of passwords has been happening for years, Microsoft is taking things a step further by allowing users to go passwordless.
• Now, instead of entering a password, you can sign in to your Microsoft accounts using the Microsoft Authenticator app, Windows Hello biometric access tool, a security key, or a verification code sent by text message or email.
• While the Identity Theft Resource Center (ITRC) expects this trend to continue, we recommend people wait a little bit longer before going with no passwords.
• The ITRC believes fewer passwords is a good thing. However, going passwordless on one account or a series of accounts is more likely to lead to a false sense of security for those accounts that still require traditional passcodes.
• To learn about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.
• If you believe you are the victim of an identity crime or a data breach, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.

A Password by Any Other Name 

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for September 24, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we revisit a favorite topic that’s been in the news lately – passwords and a passwordless future.

In Shakespeare’s Romeo & Juliet, our tragic heroine claims she would love her beau no matter who he was by saying, “A rose by any other name would smell as sweet.”  The same cannot be said in our modern times of something with which we all have a love-hate relationship: the password. 

The Evolution of Passwords 

Designed to keep our innermost secrets and personal information safe from prying eyes, passwords have become the holy grail for identity thieves. More valuable than a Social Security number, more sought after than a credit card number.  

Passwords started as simple six- or seven-letter codes and have grown into a jumble of letters, symbols and numbers that can span up to 32 characters. For decades, Password123 was the most popular password in the world, until it was passed over by Password123456.

Microsoft Transitions Towards World with No Passwords 

Now comes news that Microsoft has started down the passwordless path, killing passwords as we know them. You can now remove passwords from your Microsoft accounts to embrace a world with no passwords. However, like in Star Trek: The Undiscovered Country, “just because you can do a thing does not mean you must do that thing.”  

Microsoft has been working toward a passwordless future for years. In fact, nearly 100 percent of Microsoft employees have no passwords. Since Microsoft rolled out passwordless authentication for commercial users in March, more than 200 million people worldwide have switched to one of the alternate ways of logging in.  

Users Can Now Use Different Tools to Sign in to Their Accounts  

Now, instead of entering a password, you can sign in to your Microsoft accounts using the Microsoft Authenticator app, Windows Hello biometric access tool, a security key, or a verification code sent by text message or email.  

Should You Go Passwordless? 

For most people, the answer is not yet. Make no mistake, reducing the use of passwords is a very good thing. Cybersecurity researchers estimate there are more than 575 password attacks every second – that’s 18 billion attacks in a year. However, having no passwords on one account or a series of accounts is more likely to lead to a false sense of security for those accounts that still require traditional passcodes.  

Unless you are extremely tech-savvy and very comfortable with a multi-layered cyber security scheme, the ITRC recommends you follow this trend, not lead it. With that said, if you do want to jump into the deep end of the passwordless pool, Microsoft has made it relatively easy to do – and undo later if you change your mind:

  1. Download the Microsoft Authenticator mobile app to your phone and link it to your personal Microsoft Account.
  2. Visit account.microsoft.com and choose advanced security options.
  3. Enable passwordless accounts and approve the change from your Authenticator app. You now have no passwords when it comes to Microsoft.

Once you have linked your accounts to the Authenticator app, you will be asked to enter a PIN or a time-based code to unlock your account each time you log in.  

If you go passwordless using the Microsoft Authenticator app, your mobile device will be an even more vital part of your daily routine. Be extra careful not to lose your phone and keep it locked in case it’s stolen. That way, thieves can’t easily access your personal information stored on the phone. 

For non-Microsoft users, Google and Apple are also working on technology that will allow you to eliminate or reduce the use of passwords. 

Contact the ITRC 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Check out our latest episode from our sister podcast, The Fraudian Slip, where we talk about credit freezes with the founder of Frozen Pii. We will be back next week with another episode of the Weekly Breach Breakdown.