In most yearly prediction articles there’ll be something about passwords. They’ll be obsolete soon, even the most encrypted passwords aren’t secure, we’re all going to die etc.
Passwords somehow still cling on. Even though we’ve still got to remind that one family member that their cat’s name isn’t a secure password. No matter how encrypted the password is, or how many factors of authentication we use, passwords can still be hacked and misused.
Microsoft’s chief information security officer, Bret Arsenault, revealed that the password using age might be soon coming to an end.
Windows Hello, Microsoft’s facial recognition technology, is now being used by a majority of the company’s 125,000 employees to log into their computers. They hope to be completely password free soon. Of course, Microsoft is championing their own security technology, but is this something that could replace passwords entirely?
Arsenault said “For several decades, the industry has focused on securing devices […] but it’s not enough. We should also be focused on securing individuals. We can enhance your experience and security by letting you become the password.”
Facial recognition technology hasn’t come without its criticism though. Windows Hello stores biometric data about the user, which has to be stored somewhere. Is this data secure? But more concerning is that recent research found that Hello could be spoofed by an infra-red photo of the account holder. Wow, secure.
Not over yet
So, with so much uncertainty still surrounding facial recognition, is it too soon to jump the gun on passwords? Password managers are useful for creating obscure passwords and storing and encrypting them, but some security bods would say that this isn’t enough.
Microsoft claims that 70% of customers use Windows Hello to log into their devices, but there’s got to be a reason why the remaining 30% don’t.
Answers in the comments.