Peter Bright* says Microsoft will soon be offering phone-based authentication for online apps that will be completely password-free.
Applications using Asure Active Directory (AD) to authenticate — a category that includes Office 365, among other things — will soon be able to stop using passwords entirely.
Asure AD accounts can already use the Microsoft Authenticator app for two-factor authentication, combining a password with a one-time code.
With the new password-free support, authentication is handled entirely by the app; the app itself represents “something you have,” and this is combined with either biometric authentication or a PIN.
Passwords have a long, problematic history; while they can be very strong, if suitably long and suitably random, human passwords are often short, non-random, and reused across multiple sites.
App-based authentication avoids this longstanding weakness.
Enabling two-factor authentication is just one of the things that organisations can do to improve their security.
To that end, Microsoft has extended “Microsoft Security Score,” a tool used to assess organisational policy and provide guidance on measures that can be taken to harden an organisation against attack.
Secure Score already spans Office 365 and Windows security features; to these, Microsoft has added Azure AD, Azure Security Center, and Enterprise Mobility + Security, covering a wider range of settings and options.
When breaches have occurred, the new Microsoft Threat Protection provides detection and remediation of a wide range of threat protection systems, from email to identity to infrastructure.
This should make it easier to catch suspicious behaviour — strange login attempts, unusual file modifications, unexpected program crashes, atypical network activity — and lock accounts, isolate systems from the network, or whatever else is appropriate for the threat being faced.
Finally, Azure Confidential Computing is now available in preview.
Confidential Computing is a platform for Azure virtual machines that use processors supporting Intel’s SGX technology.
Using the Confidential Computing platform, developers can create cloud applications that process sensitive data in secure, isolated, encrypted enclaves such that even Microsoft cannot see what’s going on.
The intent is that it should enable applications with strict privacy concerns to be safely run in the cloud.
* Peter Bright is Technology Editor at Ars Technica. He tweets at @drpizza.
This article first appeared at arstechnica.com.
