Microsoft: Now You Don't Need a %$#! Password
ORLANDO, Fla. -- Microsoft Ignite -- Microsoft has bad news for people who like making up and remembering unpronounceable words: The password is dead. You don't need it to log in to Azure enterprise apps anymore.
"Nearly all data loss starts with compromised passwords, and so today we are declaring an end to the era of passwords," Rob Lefferts, Microsoft Corp. (Nasdaq: MSFT) corporate vice president, security, said in a blog post scheduled to go live Monday. Microsoft is launching "password-less login" using the Microsoft Authenticator app for "hundreds of thousands of AD connected apps," Lefferts said. "No company lets enterprises eliminate more passwords than Microsoft."
Passwordless login is one of several security announcements Microsoft is making today. Microsoft is launching Secure Score, a means for auditing organizational security. It's not just a report card, but also a means by which organizations can identify security problems for correction. Organizations using Secure Score are 30 times less likely to be breached than their counterparts, Lefferts said. Secure Score points out protective measures enterprises may be missing, such as securing accounts with multifactor authentication and turning off client-side mail forwarding rules.
Additionally, Microsoft is unifying several anti-threat services under a single umbrella -- Microsoft Threat Protection. These include email, PCs, documents, identities and infrastructure.
And Microsoft launched Azure confidential computing, to protect data in the public cloud, in public preview. Specifically, Azure confidential computing will be available October 1 on a new Azure virtual machine family called DC series. Azure confidential computing runs on Intel SGX technology.
Security is a priority for all the major cloud providers (and every vendor). At its Google Next Cloud conference in July, Google launched a new suite of cloud access controls including a hardware key for priority users. Amazon Web Services Inc. recently launched Secrets Manager, to protect information such as database credentials, passwords and API keys, as well as firewall and configuration services. And IBM recently introduced denial-of-service protection as well as security tools for Kubernetes running on bare metal.(See Google: Security vs. Convenience – You Don't Have to Choose, Amazon Automates Cloud Security and IBM Launches 'Continuous' Security & Kubernetes on Bare Metal.)
Cisco Systems Inc. (Nasdaq: CSCO) last month acquired Duo Security for $2.5 billion to provide user and device authentication beyond the network edge. (See Cisco Takes Security Beyond the Enterprise Network With $2.35B Duo Buy .)
The security initiatives were among a panoply of announcements from Microsoft on the first day of its annual partner and customer conference. Others include protections for elections, a program to apply AI to humanitarian aid, and an array of AI, Internet of Things and edge technologies. (See Microsoft Flexes Muscles on AI, IoT & Security and Microsoft Goes Captain America, Launches 'Defending Democracy' Program .)
- Automation Makes Network Security a Much Bigger Priority
- Juniper, Ericsson Team on 5G Transport, Security
— Mitch Wagner Executive Editor, Light Reading