– Guest article, written by Vincent Lautier –

On the occasion of World Password Day, Microsoft renamed the event “World Passkey Day” and now requires passwordless sign-in for all new accounts. The decision is making noise in a context of permanent cyber threats.

Forgot password? It will soon be ancient history

Microsoft has just taken an important step in its fight against passwords. From now on, any new Microsoft account will be configured without a password by default. During registration, the user will no longer be invited to create a password, but to choose from more secure authentication methods: passkeys, security keys, two-factor authentication or Windows Hello. This change is part of a broader plan, under way for several years, with the aim of completely eliminating the use of passwords. For existing accounts, Microsoft also offers an option in the settings to delete the password manually.

The end of a model that has become too risky

This turnaround is neither a whim nor a surprise: Microsoft faces an explosion of cyber attacks targeting passwords. In 2024, the company identified 7,000 attacks per second, more than double the previous year's figure. Weak or reused passwords (often sequences such as “123456” or first names) greatly facilitate the attackers' work. Even systems with two-factor authentication are vulnerable to well-executed phishing. Microsoft wants to cut all these threats short by imposing so-called “phishing-resistant” methods, like the passkeys standardized by the FIDO Alliance. Passkeys cannot be intercepted or reused because they are based on asymmetric cryptography, with keys unique to each device.

A new user experience

To facilitate this transition, Microsoft has revised the sign-in interface. From now on, the platform automatically detects the most secure sign-in method available on the account and offers it by default. For example, if a user has configured a one-time code in addition to a password, the code will be requested. Once signed in, they will be invited to register a passkey for future sign-ins. This redesign of the user experience aims to make the process smoother by limiting complex choices. The first results seem positive: Microsoft says this new model has already reduced the use of passwords by 20%.

Passkeys: a universal standard?

Behind this development, we find the work of the FIDO Alliance, an industry consortium supported by Google, Apple and Microsoft. The goal is to make passkeys a universal authentication standard. Unlike passwords, these keys never leave the user’s device, which prevents any form of theft via the network. They can be used with facial recognition, a fingerprint or a local code, depending on the capabilities of the device. Millions of sites and applications already support them, especially in China, where adoption is massive. Microsoft claims to record almost a million passkeys created every day, with a 98% sign-in success rate, against only 32% for conventional passwords (I confirm, connecting to my Microsoft account with a password always takes an endless time).
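The two properties described above (a phished or replayed sign-in is useless, and the private key never leaves the device) can be seen in a small simulation, given here as an added example that is not from the original article or from Microsoft. The origins, function names and the reduced authenticator data (only the hash of the relying-party ID) are assumptions made for illustration; real WebAuthn messages carry more fields.

```javascript
// Added illustration: names, origins and the simplified message layout are assumptions.
const crypto = require('node:crypto');

const RP_ID = 'login.example';              // constructed relying-party ID
const RP_ORIGIN = 'https://login.example';  // constructed legitimate origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator side: the private key stays in this closure; only the public key is registered.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  // The browser, not the page, fills in `origin`, so a look-alike site cannot choose it.
  const sign = (challenge, origin) => {
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    const authenticatorData = sha256(new URL(origin).hostname); // rpIdHash only (simplified)
    const signature = crypto.sign('sha256',
      Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
    return { clientDataJSON, authenticatorData, signature };
  };
  return { publicKey, sign };
}

// Server side: the checks a relying party makes on each sign-in assertion.
function verifyAssertion(assertion, expectedChallenge, publicKey) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString());
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return 'stale or unknown challenge';
  if (clientData.origin !== RP_ORIGIN) return 'wrong origin';
  if (!assertion.authenticatorData.equals(sha256(RP_ID))) return 'wrong rpId';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const passkey = createPasskey();
  const challenge = crypto.randomBytes(32); // fresh per sign-in attempt
  const genuine = passkey.sign(challenge, RP_ORIGIN);
  // A look-alike site relays the server's challenge, but the browser reports its own origin.
  const phished = passkey.sign(challenge, 'https://login-example.test');
  return {
    genuine: verifyAssertion(genuine, challenge, passkey.publicKey),
    phished: verifyAssertion(phished, challenge, passkey.publicKey),
    // A captured assertion presented against a later challenge is rejected.
    replayed: verifyAssertion(genuine, crypto.randomBytes(32), passkey.publicKey),
    // A different device's key pair does not verify against the registered public key.
    otherKey: verifyAssertion(genuine, challenge, createPasskey().publicKey),
  };
}
console.log(demo());
```

The server stores only the public key, so a breach of its database yields nothing that can be used to sign in.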

If this transition seems inevitable, it is far from being widespread. Many third-party services such as forums, banks or small sites still rely on traditional passwords. For users, this means keeping a password manager up to date. Microsoft still encourages Internet users to switch to a hybrid approach, by deleting passwords from compatible services and by securing the others with robust tools. The company admits that the change is gradual, but hopes that by making passwordless the default, usage will eventually fall into line.

Increased pressure on latecomers

The move to passwordless is not without consequences for accounts still protected in the traditional way. Microsoft warns of an increase in the pressure exerted by attackers on these more vulnerable targets. The message is as follows: keeping a password becomes a risk in itself. The best defense remains the outright abandonment of this authentication model. As it stands, only 6% of the passwords in use are said to be truly unique. For the rest, the exposure remains at its maximum.

Article published by Vincent Lautier, invited by Korben. You can follow me on Bluesky, drop by my pingoo.com blog or read the tests I publish in the “Tech Gadgets” category, such as this 5G router, this remote-controlled car or that small SSD!

Source: Cyberness, The Verge

