A couple weeks ago, Microsoft made the announcement that Windows 10 and Office 365 users can now log into Azure AD applications using only the Authenticator App.
The current protocol for Windows 10 and Azure Active Directory users is to log into their accounts using an email address and password. If two-factor authentication is turned on, the user is then prompted to verify themselves using SMS or the Authenticator app.
It appears that Microsoft is moving towards a more seamless and secure experience that involves having the user enable the feature that allows future logins to be approved by pop ups on the Android or iOS Authenticator App. After being approved, the login is verified using the smartphone's fingerprint reader, facial recognition, or PIN.
A significant portion of IT security relies upon users abiding by security best practices and having security habits that do not put the organization at risk. Often missing from this equation is convenience and ease of use. It would appear that Microsoft is trying to bridge this gap. As the Harvard Business Review states: Client-centric security experiences can create value for customers by giving users what they expect from digital security: the ease and convenience of doing business seamlessly in a safe environment.
The new app can help eliminate phishing attacks as passwords are not being depended upon. Also this route is quicker and does not involve security tokens that users often get frustrated with.
Come back and check out some more of our updates from Microsoft's Ignite!