It's often said that the safest password you can have is one you don't know, which is why so many password management programs create passwords for you that are impossible for you to remember. But Microsoft is going a step further. They are enabling password-free access to more services through their Authenticator app.
During the recent Ignite event Microsoft held in Orlando, the company's CEO, Satya Nadella, said "Because one of the biggest challenges is you want to make sure that the users don't have friction, but have more security. So, this multi-factor authentication or passwordless future has to be done in a way that user adoption is at the centre of it".
I looked at Authenticator a while ago and it's a solid app that works well. When I remotely log into my Skype, Office 365 or OneDrive accounts, I never need to use a password as all the authentication is handled by the app. I suspect the experience Microsoft gained will be leveraged as they expand the Authenticator model to their enterprise cloud services.
With 50 million Facebook accounts breached over the weekend, many people are questioning why we still have passwords. Even though there are plenty of steps you can take to use strong passwords, we are creatures of habit and many people re-use passwords or use weak passwords so they can remember them.
Two-factor and multi-factor authentication are a great step forward and offer a relatively easy path for strengthening your account security. But a password-less system is possible. I noted recently that, according to research done by Data 61, it's possible for users to be identified by how they hold their mobile devices and tap on the screen. Perhaps that research could be used for good and not evil as a way of proving user identity as it becomes a more accurate tool.
In addition to the new passwordless shift, Microsoft announced Microsoft Secure Score during Ignite. This is a tool that allows organisations to assess their security environment and get recommendations to reduce their chance of a breach.