There’s a lot of great discussion going on these days about getting rid of passwords – because they’re unsafe, hard to remember, frequently reused, etc. In that spirit, I’ve been exploring just how to deploy passwordless devices.

Think of a situation where you’re onboarding a new user to the company and you’re shipping a new device to them to set up and start working without ever stepping into the office. Especially for remote workers, this may be the only scenario they ever follow.

In a somewhat modern scenario users would do the following: Autopilot their device with a temporary password, create a new longer password with numbers/special characters, set up Windows Hello with PIN & biometric unlock, and immediately forget that new password they just created (unless they wrote it down somewhere…). Windows Hello is convenient and easy to set up, which is great. But since it’s only local to the device, every time they need that long password they’ll either have to go find it somewhere or reset it. Maybe after they set up their laptop they go to set up their phone, and have already forgotten that new long password!

In a very traditional scenario, Windows Hello isn’t being used at all and the user will log in using that long password every day. Maybe they’ll even have to reset it every 90 days. This is flawed for several reasons – your users will start incrementing their passwords instead of actually making secure ones, and any form of MFA significantly decreases your risk of security incidents. Consider reading the Microsoft blog post on why Your Pa$$word doesn’t matter. Do you want your global admins logging into the Azure portal using pa$$word1 every day?

So how can we make that somewhat modern scenario, VERY modern? We need to enable passwordless sign-in using Microsoft Authenticator.