Obituary: The Passing of the Password

It is with a mixture of gratitude and relief that the Microsoft family has informed us of the timely passing of the beleaguered password after a long illness.

“Nobody likes passwords,” explained Vasu Jakkal, Corporate Vice President for Security, Compliance and Identity, speaking on behalf of the family. “They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games.”

Password is survived by the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email. These will continue to allow you to sign in to your favorite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more. The funeral will be rolled out over the coming weeks.

The End of a Long Period of Suffering – For Users

In this case, the suffering was not on the part of the departed, but rather on all those who used him. Many complained of having to remember so many different passwords. Others were frustrated by having to change them regularly, and never being allowed to reuse any of them. Even constructing them became more and more difficult as different rules were applied for which special characters could be included.

Some had tried to defraud Password by using its own name, “password,” as their password. More than would be believed. Others used their pet’s names, their spouse’s name, birthdays, and a preponderance of people preferred 12345678 or its close cousin 87654321 as their password.

Microsoft CISO Bret Arsenault expressed no real surprise at Password’s passing, pointing out, “There are a whopping 579 password attacks every second – that’s 18 billion every year.” How could anyone expect anyone to ever survive such an onslaught? That worry is now over, and we can only hope that Password can now rest in peace.

Password’s close relatives, including Single-Sign-On and Keychain, could not be reached for comment.

Grieving Evident Among the Underworld

Though most users view the passing of Password with a measure of relief mixed with gratitude, there are those who expressed grief at the demise.

“What am I going to get those idiot users to enter into my phishing emails now?” asked one ransomware hacker on condition of anonymity. “How am I ever going to get them to wait for the six-digit code to come in on their smartphone and quickly forward it to me? How’s that even going to work??”

Ransomware thieves were joined by other malware distributors and hackers in bemoaning the passing of their long-trusted aide in attacking the hapless.

“The thing we all liked most about Password,” explained one cybercriminal who asked that their name not be used, “was that he was a simpleton. Always simple. Easy to figure out. A really accessible kind of guy. He will be missed.”

Improved Services Promised

“I may be confusing as heck to use at first,” said Microsoft Authenticator when reached for comment at his Redmond, Wash. home. “But once you get used to me, I can assure you of much better service than you ever got from Password. I don’t like to speak ill of the dead, but come on, that was a guy whose time has long passed.”

SMS was quick to point out that he was far more easily accessible and universal, “and I reduce your dependence upon Microsoft, too!”

All end users reached for comment were speechless.

As for channel service providers, none wanted to publicly express their joy at the passing of an old acquaintance, but a few privately expressed relief that they might no longer have to rescue clients from some of Password’s well documented personal flaws.

Memorial Service Announced

Microsoft also announced a remembrance and celebration of the passing of Password, set for Wednesday, October 13, 2021, from 10am until 11:30am Pacific Time. Many of the consequences of this passing will be highlighted, including:

  • Strengthening security and improving efficiency by moving to passwordless authentication.
  • Combatting the misconceptions of going passwordless.
  • Educating employees about adopting passwordless authentication methods.
  • Use the multiple methods that are available through Microsoft for passwordless sign-in.
  • Replacing passwords as the primary authentication method with more secure alternatives and managing at scale with Azure Active Directory.

Those wishing to attend are asked to sign the register at: https://passwordlessfuturedigitalevent.eventcore.com/auth/challenge.

Further reading:

Survey Shows Security Becoming Major MSP Focus

Best Endpoint Security and EDR Tools for MSPs

Howard M. Cohen
Howard M. Cohen is a 35+ year executive veteran of the Information Technology industry who writes for and about the IT channel. He’s a frequent speaker at IT industry events, including Microsoft Inspire, Citrix Synergy/Summit, ConnectWise IT Nation, ChannelPro Forums, Cloud Partners Summit, MicroCorp One-On-One, and CompTIA ChannelCon, and he frequently hosts and presents webinars for many vendors and publications.

RELATED ARTICLES

Must Read