Why do your user’s still need to enter their password every time they log in? Why? I say, go passwordless! Implementing passwordless MFA is the right choice for securing your identity without having to use passwords anymore.
What MFA options do you have?
*Approve a request on my Microsoft authenticator app
*Use a verification code from my mobile app
*Text phone number
*Call phone number
What do all options have in common? You will need to enter your password first to get prompted for MFA. Don’t you think that’s weird? When you get phished the attacker has your password, which he can possibly abuse on other sites.
The only solution to get rid of that risky password, is to enable the passwordless sign-in option in your Microsoft Authenticator app.
Before you can enable this option, please add this authentication method and enable it. Portal.azure.com –> Security –> Policies
The only drawback I can think of is, you have to register your device in the Azure AD tenant. Some users may object to this when it concerns their personal device. Luckily, you can assure them their devices won’t be managed by Intune/MDM and that the benefits are much greater!
Now it’s time to test our new passwordless sign-in! Open portal.office.com and log in with your username, this time it won’t ask you for a password. Great Scott, now you only have to approve the correct number in your Microsoft Authenticator app.
MFA is great, but MFA passwordless sign-in is way better because it eliminates the risk of users accidentally handing out their precious passwords. Just one final advice, make sure to back-up your Microsoft Authenticator app.