View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Microsoft Launches Public Preview of Security Key Support: Password-Free Life Creeps Closer

With over 551 million real world passwords exposed in data breaches and the growing ease with which they can be brute-forced, dumping the password makes a lot of sense...

By CBR Staff Writer

Microsoft says enterprises can now roll out the use of security keys at scale, as it launches a public preview of FIDO2 security key support in Azure Active Directory (AD). The move is a major step towards a passwordless enterprise environment. (Azure AD is Microsoft’s identity and access management platform).

Security keys are available in a range of form factors, but commonly come as small USB key fob that creates a public and private key when registered. The private key can only be unlocked using a local gesture such as a biometric or PIN. Users have the option to either sign in directly via biometric recognition—such as fingerprint scan, facial recognition, or iris scan—or with a PIN that’s locked and secured on the device.

Microsoft Security Key Support 

The move will be welcomed by many businesses concerned at the growing ease with which passwords can be brute forced, or otherwise compromised: that is if they have not been stolen in a data breach already.

An estimated 81 percent of successful cyberattacks begin with a compromised username/password and there is no shortage of those in the wild: https://haveibeenpwned.com lists 551,509,767 real world passwords previously exposed in data breaches.

Alex Simons, a VP in Microsoft’s Identity and Security department, said the company has also “turned on a new set of admin capabilities in the Azure AD portal that enable you to manage authentication factors for users and groups in your organization.”

This currently lets admins use either security keys or Microsoft’s Authenticator application for authentication. (The latter is a Microsoft app that lets employees augment a password with a one-time passcode or push notification; instead of using a password, users confirm their identity using mobile phone through fingerprint scan, facial or iris recognition, or PINfor authentication.)

Simons added: “You’ll see us add the ability to manage all our traditional authentication factors (Multi-Factor Authentication, OATH Tokens, phone number sign in, etc.). Our goal is to enable you to use this one tool to manage all your authentication factors.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Microsoft has tested five FIDO2 (an industry security standard)-certified security keys and has active promotions ongoing with three: Yubico, HID and Feitian Technologies; they offer a range of form factors, including biometric devices and USB security keys.

(Yubico, for example, is offering complimentary YubiKey Starter Kits to “organizations with Microsoft 365 customers who are interested in beginning their passwordless journey.” This includes two multi-protocol YubiKeys. Feitian is offering the first 500 Microsoft-referred clients a 30 discount on its biometric keys.

As Microsoft added in a whitepaper: “It’s common practice for IT to attempt lessening password risk by employing stronger password complexity and demanding more frequent password changes. However, these tactics drive up IT help desk costs while leading to poor user experiences related to password-reset requirements. Most importantly, this approach isn’t enough for current cybersecurity threats and doesn’t deliver on organizational information security needs.”

See also: Android Security Keys: Now you can Hold 2FA Keys on Your Smartphone

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU