Microsoft Plans for Password-Free Future

Three out of four people are known to use the same password for multiple accounts, which calls the value of password-based security into question. Even newer measures such as two-factor authentication can be defeated. This is why Windows has executed a plan to use biometrics in the form of Windows Hello, or FIDO2 devices such as YubiKey or FEITIAN, which are both available for $30-60. Rob Lefferts, the VP of Security at Microsoft, said “Passwords are bad for the planet. They’re bad for people. They’re the easiest way for attackers to get in, and in the case of account takeovers, they’re even a way to force people out.”

When a user signs in, the Microsoft account system gives a nonce, an arbitrary one-time number, to the PC or FIDO2 device, which uses the private key it holds to sign the nonce. The signed response also contains data about the conditions of the login, for example whether the user was confirmed through a biometric check. It is sent to the Microsoft account system, where it is checked using the public key.
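The sign-in exchange described above, modeled in Go as an added example; it is not Microsoft's code and not the FIDO2 wire format. The `Server` type, the `Sign` function, the one-byte biometric flag and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Server struct {
	pub     ed25519.PublicKey // registered at enrollment; the server holds no secret
	pending map[string]bool   // nonces issued and not yet answered
}

// Challenge issues a fresh random one-time nonce.
func (s *Server) Challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err) // never continue with a predictable nonce
	}
	s.pending[string(n)] = true
	return n
}

// signedData binds the nonce to one login condition: a biometric flag.
func signedData(nonce []byte, biometric bool) []byte {
	flag := map[bool]byte{false: 0, true: 1}[biometric]
	return append(append([]byte{}, nonce...), flag)
}

// Sign runs on the PC or FIDO2 device; the private key never leaves it.
func Sign(priv ed25519.PrivateKey, nonce []byte, biometric bool) []byte {
	return ed25519.Sign(priv, signedData(nonce, biometric))
}

// Verify accepts a nonce once, so a replayed response is rejected.
func (s *Server) Verify(nonce []byte, biometric bool, sig []byte) bool {
	fresh := s.pending[string(nonce)]
	delete(s.pending, string(nonce))
	return fresh && ed25519.Verify(s.pub, signedData(nonce, biometric), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s := &Server{pub: pub, pending: map[string]bool{}}
	n := s.Challenge()
	fmt.Println(s.Verify(n, true, Sign(priv, n, true))) // honest login
}
```

Because the flag is covered by the signature, a response signed without the biometric check cannot later be presented as a biometric login, and a captured response is useless once its nonce has been consumed.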

Analyst Notes

Malicious activity perpetrated by attackers evolves at a rapid pace, which is why it makes sense for consumers to do the same. Users who have had a password compromised in the past can safely give this new form of login a try. Even though it may seem new, it is ultimately a safer alternative to the traditional password.