Microsoft Confirms Intent To Replace Windows 10 Passwords For 800 Million Users

Our ability to securely move beyond passwords as the singular trusted authentication mechanism has been here for some time, but the concept and related technology have lacked traction.  I am excited to see Microsoft continue to endorse and partner with the FIDO Alliance to bring forward secure, alternative authentication options to the masses.

Please remember that even the best Microsoft Hello option is still often a single authentication factor.  For sensitive system access, multi-factor authentication is still the safest, most effective approach to authentication.

https://www.forbes.com/sites/daveywinder/2019/05/11/microsoft-confirms-intent-to-replace-windows-10-passwords-for-800-million-users/#6c2d97324a83

8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours

Though many like to pretend that the debate is still alive and relevant, I tend to agree with the authors of this post from KnowBe4 – the 8 character password is dead.  It has honestly been dead for some time.  We need to move forward and consider stronger, more effective and memorable pass-phrases combined with multi-factor authentication options whenever available.

The NIST standard of “complex” 8 character passwords is mentioned in this post, but it is also worth mentioning that even NIST has recognized it is time to move beyond that standard.  New, revised standards are coming that involve less password rotation and longer pass-phrases.

These steps are honestly not hard and they will keep your data safer than the good ol’ days of “Petsname123”.

https://blog.knowbe4.com/8-character-windows-ntlm-passwords-can-be-cracked-in-under-2.5-hours

2FA Login Failure in Office 365 and Azure

This is a very difficult situation from an IT security perspective.  Multi-factor authentication is a necessary step for the security of many systems and applications, especially those that are cloud hosted.  These types of outages can and will shake the confidence of users and make the move to multi-factor authentication that much more difficult to pursue and expand for IT security professionals in organizations.

https://www.infosecurity-magazine.com/news/2fa-login-failure-in-office-365/

Safer Internet Day: 3 things your social networks can do for you

All of the advice in this article is sound, but to be honest and in my humble opinion, the most valuable point made here or in general concerning social media and security is the absolute need for two-factor / multi-factor authentication.  This must become a component of everything we do online.

https://nakedsecurity.sophos.com/2018/02/06/safer-internet-day-3-things-your-social-networks-can-do-for-you/

No more pointless password requirements

This is exciting news and a very smart, practical move by the team at NIST.  Length of passwords trumps complexity in most situations when an end user is left to his or her own devices.  I am glad to see these changes and encourage all administrators and IT security professionals to use these changes as an opportunity to better educate end users in the proper set up and usage of passwords.

https://www.welivesecurity.com/2017/05/03/no-pointless-password-requirements/

Microsoft App Aims to Delete the Password

I listened to an interesting Steve Gibson podcast on this same subject and tend to agree with Steve that this is a decent implementation of a stronger single factor authentication mechanism, but it is far from multi-factor authentication.  This can certainly replace weak passwords with a slightly stronger authentication mechanism, but in most instances, real security will require a second, truly secret authentication factor.

http://www.darkreading.com/endpoint/microsoft-app-aims-to-delete-the-password/d/d-id/1328741