Microsoft turns on passwordless mobile authentication • History
Microsoft is introducing another way for smartphone and tablet users to protect themselves from phishing attacks as the post-pandemic hybrid business attracts more and more workers under its Bring Your Own Device (BYOD) policies.
By doing this, of course, it also ties into the loose security aspects of companies, which find BYOD “appropriate” (CoughCheap, Cough) but it is not safe.
At last month’s Ignite 2022 event, Microsoft announced the general availability of Azure Active Director (AD) Certificate-Based Authentication (CBA), which addresses a component of the Biden Administration. executive order Last year to strengthen the cyber security of the United States.
Microsoft is now offering a public preview of the Azure AD CBA on Apple iOS and Android devices that use YubiKey Device Security Key certificates from Yubico.
The authentication method is based on certificates rather than passwords. Microsoft, along with others including Apple and Google, is paying for Authentication without password – It aims to ward off phishing Attacks Designed to get around multi-factor authentication (MFA).
Vimala Ranganathan, Product Manager, Microsoft Entra, explained The preview will give mobile users a login method that supports the Federal Information Processing Standards (FIPS) Anti-Phishing (MFA).
“On mobile, while customers can provide user certificates on their personal mobile devices to be used for authentication, this is primarily possible for managed mobile devices,” said Ranganathan. “But this new public preview unlocks support for BYOD. Customers can now provide certificates to a device security key that can then be used to authenticate with Azure AD on iOS and Android devices.”
iOS device users will have to register with the Yubico Authenticator app to copy the public YubiKey certificate into the iOS Keychain and then select the YubiKey Certificate to login and enter the PIN.
Android devices enabled with the latest Microsoft Authentication Library (MSAL) will not need the YubiKey Authenticator app. Alternatively, users can connect their YubiKey through USB, start Azure AD CBA and choose a certificate from YubiKey. From there they enter the PIN to authenticate the app.
The new capability comes as BYOD adoption grows, Alex Weinert, Vice President and Director of Identity Security at Microsoft wrote. BYOD acreage is expected to grow at an average of 15.1 percent annually, Hit $485.5 billion by 2025, according to market research firm IndustryArc. ®
#Microsoft #turns #passwordless #mobile #authentication #History