Why do your users still need to enter their password every time they log in? Why? I say, go passwordless! Implementing passwordless MFA is the right choice for securing your identity without having to use passwords anymore.
What MFA options do you have?
- Approve a request on my Microsoft Authenticator app
- Use a verification code from my mobile app
- Text phone number
- Call phone number
What do all options have in common? You will need to enter your password first to get prompted for MFA. Don’t you think that’s weird? When you get phished, the attacker has your password, which he can possibly abuse on other sites.
The only solution to get rid of that risky password is to enable the passwordless sign-in option in your Microsoft Authenticator app.
Before you can enable this option in the app, add this authentication method in the Azure portal and enable it there: Portal.azure.com –> Security –> Policies
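The same policy change can be scripted instead of clicked. The following is an added example, not part of the original post: it assumes the Microsoft Graph PowerShell module is installed and an admin who can consent to the `Policy.ReadWrite.AuthenticationMethod` scope. The `all_users` target and the `any` authentication mode are choices made for this illustration.

```powershell
# Added example: enable the Microsoft Authenticator method through Microsoft Graph.
# Assumes the Microsoft.Graph module is installed and the admin can consent to the scope.
Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

$uri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/' +
       'authenticationMethodConfigurations/MicrosoftAuthenticator'

# Record the current state before changing anything.
$before = Invoke-MgGraphRequest -Method GET -Uri $uri
Write-Host "State before change: $($before.state)"

# authenticationMode values: 'push' (MFA prompt only),
# 'deviceBasedPush' (passwordless phone sign-in only), 'any' (both).
# 'all_users' targets the whole tenant; use a group object ID to pilot first.
$body = @{
    '@odata.type'  = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration'
    state          = 'enabled'
    includeTargets = @(
        @{
            targetType         = 'group'
            id                 = 'all_users'
            authenticationMode = 'any'
        }
    )
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

# Read the policy back and confirm that the change took effect.
$after = Invoke-MgGraphRequest -Method GET -Uri $uri
Write-Host "State after change: $($after.state)"
foreach ($target in $after.includeTargets) {
    Write-Host "Target $($target.id): mode $($target.authenticationMode)"
}
if ($after.state -ne 'enabled') {
    throw 'Microsoft Authenticator method is still disabled; check role and consent.'
}
```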
The only drawback I can think of is that you have to register your device in the Azure AD tenant. Some users may object to this when it concerns their personal devices. Luckily, you can assure them that their devices won’t be managed by Intune/MDM and that the benefits are much greater!
Now it’s time to test our new passwordless sign-in! Open portal.office.com and log in with your username. This time, it won’t ask you for a password. Great, Scott. Now, you only have to approve the correct number in your Microsoft Authenticator app.
Conclusion
MFA is great, but MFA passwordless sign-in is way better because it eliminates the risk of users accidentally handing out their precious passwords. Just one final piece of advice: make sure to back up your Microsoft Authenticator app.