What is PasswordLess?
Passwordless authentication is a method of verifying a user’s login without the need for a traditional password.
Instead of relying on a password, PasswordLess authentication uses alternative methods to verify a login, such as biometrics (e.g. fingerprint, facial recognition), ha0072dware tokens, or one-time codes sent to a trusted device.
Why it’s so Famous or Popular now days?
- Passwords can be difficult to remember and can be vulnerable to cyber-attacks such as phishing, brute-force attacks, and password cracking. Passwordless authentication provides a more secure and convenient way accessing the accounts.
- It can be integrated with various devices and platforms, including smartphones, laptops, and web applications. This makes it easy for users to access their accounts from different devices and locations, without having to remember different passwords.
What application require to use?
Microsoft Authenticator can be used to sign into any Azure AD account without using a password. Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric.
Basic requirement of PasswordLess:
- Recommended: Azure AD Multi-Factor Authentication, with push notifications allowed as a verification method. Push notifications to your smartphone or tablet help the Authenticator app to prevent unauthorized access to accounts and stop fraudulent transactions. The Authenticator app automatically generates codes when set up to do push notifications. A user has a backup sign-in method even if their device doesn’t have connectivity.
- Latest version of Microsoft Authenticator installed on devices running iOS or Android.
- For Android, the device that runs Microsoft Authenticator must be registered to an individual user. (Microsoft is actively working to enable multiple accounts on Android.)
For iOS, the device must be registered with each tenant where it’s used to sign in. For example, the following device must be registered with Contoso and Goldenfive.net to allow all accounts to sign in:
hk@GoldenFive.net and PN@Goldenfive.net
- For iOS, we recommend enabling the option in Microsoft Authenticator to allow Microsoft to gather usage data. It’s not enabled by default. To enable it in Microsoft Authenticator, go to Settings > Usage Data.
How can we configure it?
Its very simple or easy to configure for Admin who have Global Admin rights.
- Go to Azure https://portal.azure.com/
- Go to Azure Active Directory portal.
- Go to Security
- Go to Authentication Method
Click on Microsoft Authenticator:
- Here we can define the Authentication Method “PasswordLess”:
Targeted user can be Selected Group as well. This means we simply can go ahead and enable the PasswordLess for Group based membership basis as well.
How End-user register for it?
To register the Microsoft Authenticator app, follow these steps:
Sign in, then select Add method > Authenticator app > Add to add Microsoft Authenticator.
Follow the instructions to install and configure the Microsoft Authenticator app on your device.
Select Done to complete Microsoft Authenticator configuration.
How End user is going to use:
1: Go to Office.com to login.
2: Enter email address or Login ID
3: Instead of password you should receive, below window:
4: If in case you see below window then click on “Use an app instead”: