How Does Passwordless Login Work?

For years, computer security required the hassles of creating complex and unique passwords, remembering them (or contacting support when you forgot them), and frequently changing those passwords. But, as it turns out, those pain-in-the-neck password tactics didn’t stop modern hackers

To combat modern hacking tactics, cybersecurity experts now recommend passwordless login. Curious how that works with your Microsoft tools? This is the article you’ve been waiting for.  

TL;DR: Passwordless login requires an approved device paired with a PIN, a biometric scan of your face or fingerprint, or a hardware security key. All of these are easier to use than passwords, and they all work with Azure AD. Learn more from Interplay.

How Does Passwordless Login Work?

Instead of using a password plus an MFA layer, passwordless login requires you to present something you have (a device), plus something you are (biometrics) or know (PIN). It’s extremely secure. 

Best of all, this login method already integrates with Azure Active Directory to verify your identity using 3 flexible tools. You can transform Microsoft 365 and Teams into your very own passwordless havens without too much effort. 

Here’s how you can go passwordless with:

1. Windows Hello for Business

If your workers each have a Windows PC, you can tie biometric & PIN data directly to the PC using Windows Hello for Business. A hacker can’t log in as the user unless they have their PC and their face or fingerprint – and stuff like that only happens in the movies. 

Top benefit of this method: Because Windows Hello for Business authenticates across the platform, it supports single sign-on (SSO) for seamless productivity across a wide range of applications and logins.

2. Microsoft Authenticator

If workers have Windows or non-Windows phones, they can use the Microsoft Authenticator app. Using this as a passwordless login method is different than using it for multifactor authentication. 

For passwordless use, the app requires users to (1) match a number that they will see on their phone and their computer screen and then (2) enter their PIN or use biometrics to complete the authentication process.

Top benefit of this method: The Microsoft Authenticator app works across a wide range of BYOD devices, which makes it affordable and easy to roll out.

3. FIDO2 security keys

FIDO stands for Fast IDentity Online, which is an alliance committed to open authentication standards and a passwordless future. That’s pretty cool. Their devices, known in their latest iteration as FIDO2 security keys, are typically little USB plugins that authenticate the device, but you can also get ones that verify biometric identification and work with Bluetooth or NFC / card-tapping. 

Top benefit of this method: If you can’t (or don’t want to) use employee phones or laptops as authentication methods, these are a great solution for extra security. They also work well for uses where having to verify with a phone would be awkward, such as at a public kiosk or help desk.

How Each of These Methods Work with Azure Active Directory

To securely validate each of these methods and verify the user’s identity, Azure AD and the device perform a complicated information tradeoff in multiple steps, first validating that the user was able to unlock the device with their PIN or biometrics and then validating that the device is authorized to work with the app. 

Ready to rock your next trivia match? Just keep it in the back of your mind that these validation confirmations are traded back and forth using randomly generated, one-time-use-only codes called nonces.” 

As a trivia genius, you probably already know how tokenized credit card numbers work on your mobile payment apps, so it’ll make sense to you that this is a really similar concept that uses waaay geekier terminology.

Why Choose Passwordless Security?

The biggest benefit to going passwordless is that you will significantly improve your security while also increasing convenience for your employees. If you don’t have a password, no one can forget it and it can’t be stolen by cybercriminals. 

Considering all the hassles that passwords bring to the table, we’re pretty sure that cybercriminals are the only people who even like passwords these days – so why not just get rid of them?

Try out a passwordless setup with Interplay.

For 20+ years, the friendly and knowledgeable IT services team at Interplay has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.