It’s the 20th of January here in Sweden and this day is called Change Your Password Day. I know that this day is held on the 1st of February in other parts of the world. No matter the date, the purpose of this day is to shine a little extra light on the importance of secure passwords. Traditionally, the only way to secure your accounts was to create hard-to-guess passwords and then change them regularly to prevent brute force attacks from guessing the correct combination of characters.
Studies have shown that forcing users to change their passwords actually works against security. Users tend to create easy-to-remember passwords and use numbers and special characters to replace letters in otherwise common words. That is not a great solution, since all hackers know this.
A much better way is to stop using passwords altogether. Microsoft announced this modern approach for Azure AD at Ignite last year. You can now log in to Azure AD/Office 365 by using the Microsoft Authenticator app and a PIN, your fingerprint or your face. This is so much more secure since it can’t be used by remote malicious users. You need the physical phone to log in.
Enable Password-Less Authentication for Azure AD/Office 365
If you use Office 365 you can enable this right away. Download the Microsoft Authenticator app, add your Office 365 account and then enable phone sign-in.
Click on the arrow next to your account and enable phone sign-in.
Your phone needs to be registered with your organisation’s Azure AD. Simply follow the instructions. Also make sure your phone has a PIN, fingerprint or face recognition enabled.
You can now log in to your Azure AD account without ever entering a password.
More information about Microsoft password-less: