Will You Be One of 800 Million Users Whose Windows 10 Passwords Will Be Replaced by Microsoft?

The short answer is NO. No one will replace or delete your Windows 10 password if you do not want that. At least, not yet. That being said, Microsoft is definitely trying to get rid of passwords because they are not secure, and hackers can breach them, sometimes without putting much effort at all. Although Microsoft declared that with the new Windows 10 May 2019 Update release – which started rolling out on May 21 – we are one step closer to a world without passwords, it is still hard to say how quickly the users will adapt and make a switch. If we know one thing, it is that people do not like change, especially when they do not understand what is going on. If you too feel like you need more information, continue reading to learn more about Microsoft replacing Windows 10 passwords.

Why did Microsoft choose to get rid of Windows 10 passwords?

Windows is the most popular operating system in the world, with over 75% of the entire global market share. Windows 10 is the latest version of this OS, and it is also the most popular one amongst users. According to the latest information, 55.9% of all Windows users run Windows 10. With older versions phasing out, the popularity of Windows 10 is bound to grow as well. Microsoft – just like most companies across the globe – is getting more and more concerned with virtual privacy and cyber security. And rightfully so as cyber attackers are becoming more aggressive, while users still rely on old security methods. While strong passwords can be created, most users set weak Windows 10 passwords without even realizing it. This is why Microsoft is now pushing users to rely on different authentication methods. Windows Hello, for one, enables Microsoft to replace Windows 10 passwords with facial recognition and fingerprints, as well as PIN codes. This technology was created with the standards set by the FIDO Alliance in mind.

There is no doubt that the digital world is moving steadily towards biometric authentication because it is still the better alternative to passwords. While forging fingerprints and other biometric traits is possible, that is not yet common practice, and the chances of getting a weak password breached are much higher than having biometric authentication bypassed using forgery. Yogesh Mehta, who is the Group Manager of the Crypto, Identity & Authentication PM team for Microsoft Azure, has recently stated that no one likes passwords, except hackers. While there is truth to this statement, passwords do not need to be vulnerable or annoying, and we discuss that further in the report. The statement was included in the message from Mr. Mehta, who stressed how careless users can be with passwords. According to him, strong passwords are hard to remember, due to which, most users create easy-to-guess passwords that are the prime target of cyber attackers, and that is the main reason why users are advised to replace passwords with FIDO2 certification.

What is FIDO2 certification?

FIDO2, according to FIDO Alliance, is an “overarching term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments.” Windows 10 is part of FIDO2 certification, and it is meant to enable 800 million Windows 10 users who sign in using their Microsoft accounts to get rid of passwords. With this certification enabled, users should be able to log into their devices using biometric authentication or PIN codes, depending on their preference. For example, when signing into a Windows 10 device using a Microsoft account, the user can have a verification code sent via a phone call, a text message, or the Microsoft Authenticator app. The main goal is to ensure that the user does not need to enter a Windows 10 password at any point. FIDO2 also offers security keys, which are physical devices that enable authentication when connected to USB ports or using near-field communication (NFC).

Hey, what if I’m not ready to get rid of Windows 10 password!?

With biometric authentication and FIDO2 certification till evolving, not everyone will be ready to take the leap right away; especially when not many have devices capable of supporting all available biometric authentication methods. Whatever your reasoning might be, if you are not ready, remember that Microsoft replaces Windows 10 password only when the user wants that. YOU choose how you sign in/log in, and because your virtual security is on the line here, you need to decide for yourself which security measures you are willing to adapt. That being said, even if you choose not to replace your Windows 10 password with biometric authentication or a PIN code, you still need to think carefully if the password you have set up is strong enough to protect you and your entire operating system against attackers. Without a doubt, if your password is weak, you need to make a change as soon as possible.

Overall, it is true that passwords are relatively weak – if compared to complex biometric authentication, for example – and it is not just your Windows 10 password that you need to think about. That being said, there are always ways to strengthen your sign-in credentials. If you are worried about the passwords you use when logging into certain websites, you can use Cyclonis Password Manager’s Password Analyzer to check their strength. The tool also offers a Password Generator to help create the most complex passwords. When available, two-factor authentication should always be enabled and used too to create an added hurdle that is, in most cases, much harder to bypass than a password. As for the password you use when signing into your operating system, something like password123, mycomputer, or ryanreynolds will not do. Needless to say, we would never suggest writing a password down onto a piece of paper, but memorizing a strong password might be impossible, which is why implementing reliable password management tools is the right move.

June 7, 2019

Leave a Reply