Microsoft has massive plans to let users access its services without needing passwords. In the latest preview build of Windows 10, it has taken a giant step toward doing so. As the number of internet users and their usage grow year on year, many companies are following a similar approach.
After being an internet/system user for the last two decades, I believe it’s nearly impossible to access systems without passwords. I will be super surprised if passwordless systems can be created for mass usage. More than creating passwordless systems, what is required is to make systems more secure by creating easy-to-use tools around passwords that add a second layer of authentication. It is also important to ensure that such additional authentication systems don’t end up being too complex to use; otherwise user adoption will be slow.
Based on my personal tech usage experience, if a multi-authentication mode of accessing a system is complex, such as asking for codes every time a user logs in, the user not getting the code due to a network issue, or locking the user out completely, it will surely not attract faster adoption. Troy Hunt has written an article on how the second authentication mode should evolve around passwords. I do agree with most of his points, but it seems that for now only big tech giants like Microsoft, Google, Apple, Amazon, etc. are able to implement such solutions for their users. It’s very critical to bring such solutions to all services, irrespective of the size of the business. This will also ensure faster adoption of the multi-authentication mode.
I am strongly in favor of the TPM that is embedded in the hardware. Companies need to find a way to store keys in these TPMs, which will ensure that a user is able to access systems/services only from a set of registered devices that have TPMs. This may invite trouble, but I think it will be more robust than software tokens and way better than asking users to use another piece of hardware that can easily get lost.