Microsoft is currently on a path to switch services to Passwordless logins, meaning we will at some point no longer require a password. This does not mean accounts will not be protected; accounts will be using tokens, Multi-Factor, authenticator apps to perform authentication.
The Microsoft strategy is base on 4 steps; Develop password replacement offering Reduce the user-visible password surface area Transition into password-less deployment Eliminate password from identity directory Right now, we still see the continued development of the replacement for passwords and the reduction of locations where we need to enter password.
FIDO keys provide you with a hardware-based authentication device. The keys can be used on a number of different sites as well. I use the keys to protect my AzureAD login, GitHub and a few other places as well. In this section, I will go over the process to enable AzureAD.
In part 1, I went over methods for PasswordLess login and set up the Microsoft Authenticator App.
AzureAD Passwordless Sign in with FIDO - Part 1
FIDO keys provide you with a hardware-based authentication device. The keys can be used on a number of different sites as well. I use the keys to protect my AzureAD login, GitHub and a few other places as well. In this section I will go over the configuration for locking down a Windows 10 device. I have already gone over the process to enable AzureAD in part 1 and 2.
