Microsoft will soon offer new ways to log into cloud services like Microsoft 365 without relying on passwords.
Security is one of the main advantages of moving to the cloud; providers like Microsoft can invest millions in protecting their users, and have enormous teams dedicated to keeping their users safe.
However, cloud services have a big downside: phishing. If an account is protected by a single password, it's alarmingly vulnerable to attack. That's before you consider the hassle of having to remember passwords, or install a password manager (which could be compromised itself).
"Our analysis indicates that cloud-based user account attacks are up more than 300% over the past year," says Rob Lefferts, director of enterprise and security for Windows. "Passwords are the weakest link, and they are a source of frustration for users."
You've got the key
That's why Microsoft has announced that its next Microsoft 365 update will support the FIDO 2.0 web authentication standard, the heart of which is Web Authentication (WebAuthn).
WebAuthn lets account holders use something other than a password to verify their identity – whether it's an app on their phone, a USB hardware key, or biometric data. This could serve as a kind of two-factor authentication, or replace passwords completely.
WebAuthn is also coming to Microsoft Edge in the coming months, as well as Chrome and Firefox, making it possible to log into online services without passwords. Apple hasn't announced when Safari will join in, but has committed to doing so.
Some companies, including Google and Facebook, already have their own multi-factor authentication through a smartphone app or YubiKey device, but WebAuthn is an open standard, which makes it possible for even small services to implement it and protect their users from phishing attacks.