Not knowing my password used to be a source of shame and incompetence, requiring the dreaded grovelling to a colleague or service desk to reset and unlock my account. Today I was setting up my new laptop and realised that after changing it to a randomised password a few months ago I still didn’t know it…
So, how did setting up my device go?
Very smoothly, and I still don’t know my password 😊. A while ago I invested in a FIDO2 security key (Discover YubiKey 5), and since Windows 10 1903 it’s been possible to use a security key to authenticate with Windows for login, as well as Autopilot. As such, when it came time to sign in for the first time, I just selected the “sign in with security key” option, put my PIN in and away I went!
With Windows Hello for Business (WHfB), the rest of my Azure AD applications from Visual Studio, to Office, to the web were able to authenticate based on the fact I was already authenticated with Windows.
This both removed a constant need to enter my password and meant that I barely had to consider authentication on a new device.
Can I get rid of my password completely?
Unfortunately not. Currently, application support is still not universal, with significant issues when it comes to Android and iOS (Support passwordless authentication). I’ve also found certain PowerShell modules and Visual Studio can insist on passwords when authentication through WHfB doesn’t work. Over the past year I’ve certainly seen a reduction in these issues; however, some more work needs to happen before administrators can completely remove their passwords, unfortunately.
When my password is required, it’s stored safely in LastPass (which is again authenticated with my Security Key), from which I can then copy and paste it into any applications which require it. As I’m not typing the password, it can be extremely long and complex, as I have no requirement to memorize it.
So, what happens if I lose my Security Key?
At the moment, security keys aren’t mandated at PowerON, so I can use other alternatives such as the Azure Authenticator App or WHfB PIN to get me into my mobile device or laptop. From there I can work with our service desk to disable and replace the original key, and in a worst-case scenario they can reset the password on my behalf (if I can’t use Self Service Password Reset) so that I can continue operating until the new key arrives.
So there you have it!
Not knowing your password used to be a source of shame – but no longer! Could it actually be the key to tighter security? Let us know what you think over on Twitter: @PowerON_UK