At Microsoft Ignite 2019, we heard from Microsoft CISO Bret Arsenault, who said: "You shouldn't know your password."
This may come as a surprise because, as we all know, it’s our password that gives us access to our accounts, applications, and systems. Why is Microsoft’s CISO telling us to forget our passwords?
What Bret means is that when an organization adopts a zero-trust mentality and uses the tools available, passwords, which lead to 99% of breaches, are no longer the primary method of authentication.
Here's an example of how this can be accomplished.
1. Use conditional access to automatically assign a risk score to a user based on their previous activity, device health, and device location, as well as other controls you set.
2. Enable multifactor authentication (MFA) for 100% of your employees, 100% of the time. 99% of breaches have a password event associated with them. MFA could prevent that.
3. Use built-in security functionality. The best example of this is Windows Hello. Windows Hello uses biometrics to authenticate users by using their computer’s webcam or fingerprint reader. Windows Hello is also 3X faster than a password.
Identity is the new control plane for enterprise security. Since passwords are easily forgotten and stolen, organizations need to adopt better processes and tools to empower their people to stay safe while being productive.
Don’t fall victim to a data breach because of compromised credentials. To hear more about Microsoft Security, contact us today.