It seems like only yesterday that I was showing my mother how to manage all of her passwords to the myriad of sites she works with to pay bills, shop, etc in Windows. Come to think of it...it literally was, yesterday. For the longest time, she like many others carried around a little pocket notebook with all of her usernames and passwords in them. I couldn't blame her - it was I that scared her into "you must not use the same password on more than one website." I even went so far as to have the conversation about why you should have passphrases instead of passwords but that was a bridge too far.
For far too long companies have relied on passwords to secure their customer data. The weakest link in a security strategy was also the most important: ease of use and ability to remember. To what end? This, This, and This to name but a few dozen high profile hacks. What's worse is when, despite my best efforts to help my mom create difficult to guess passwords, there are major websites like THIS that limit the number of characters in a password to a completely unacceptable arbitrary maximum of EIGHT flipping characters. Nice job. The little character from Disney's new movie comes to mind:
Oh the humanity!
Starting on July 29, that ends. Microsoft's stated objective: eliminate the password. It will take some time of course to get everyone to eliminate this weakest of links in personal and corporate security postures. But the infrastructure is there. The tooling is there for developers and the interface couldn't be more amazing.
Secure by default. Eliminate the passwords entirely. Provide advanced encryption technologies to everyone that enables safe collaboration (for business and consumers). Over the next several parts, I'll be talking about the business security investments within Windows 10. But for today, meet the new day for Microsoft - as told by the children of the world that will grow up never having to deal with the scourge of passwords: