Microsoft will soon offer new ways to sign in to cloud services such as Microsoft 365 without relying on passwords.
Security is one of the main advantages of moving to the cloud; Providers like Microsoft can invest millions to protect their users and have huge teams dedicated to keeping their users safe.
However, cloud services have one major drawback: phishing. If an account is protected by a single password, it is alarmingly vulnerable to attack. That's before you consider the hassle of having to remember passwords or install a password manager (which could be compromised).
"Our analysis indicates that attacks on the user account in the cloud increased more than 300% in the last year," says Rob Lefferts, director of enterprise and security for Windows. "Passwords are the weakest link and are a source of frustration for users."
You have the key
That's why Microsoft announced that its next update of Microsoft 365 will support the FIDO 2.0 web authentication standard. whose heart is Web Authentication (WebAuthn).
WebAuthn allows account holders to use something other than a password to verify their identity, whether it's an application on their phone, a USB hardware key or biometric data. This could serve as a kind of two-factor authentication, or completely replace passwords.
WebAuthn will also reach Microsoft Edge in the coming months, as well as Chrome and Firefox, which will allow you to log in to online services without passwords. Apple has not announced when Safari will join, but has promised to do so.
Some companies, including Google and Facebook, already have their own muti-factor authentication through a smartphone application or Yubikey device, but WebAuthn is a standard open store, which makes it possible for even small services to implement and protect it to its users of phishing attacks.