twobee - Fotolia
June's Microsoft Authenticator for Android update reflects an effort to move enterprise tech security forward.
The password-management app lets Android users go passwordless, where they use their phones instead of a password to log in to a service, and it provides an avenue for multi-factor authentication. It supports Microsoft services like its email product Outlook and its cloud-storage option OneDrive, as well as logging in to third-party accounts like Facebook, Dropbox and Google. The June update enables users to see their recent account activity, update their security information and change passwords directly in the app.
The features in this update were made available in the iOS version of the app last spring.
Holger Mueller, vice president and principal analyst at Constellation Research, said Microsoft's continued support of the feature could prove helpful to IT admins looking to make logging in to enterprise accounts easier.
"Microsoft makes strides to support the future of work by bringing key admin and security features to mobile devices" with this move, he said. "Combining smartphone and other platforms for admin and security purposes is a successful strategy that finds the right compromise between security and convenience."
Security is a pain point
Forrester Research analyst Andrew Hewitt noted that having passwords that are frequently updated and sufficiently complex was important for businesses to remain secure. That can be difficult for the user, who must routinely pick passwords that are easy to remember, but difficult to break.
"That's one of the big issues: getting people to have those updated passwords, and make sure you're doing that on a regular cadence," he said. "Password managers can really help, in terms of keeping the complexity of the password and the frequency of password changes, but also not requiring them to remember a 15-digit password."
The explosion of remote work in the wake of the COVID-19 pandemic, Hewitt said, made password security especially critical, as more and more workers are logging in from outside the corporate network.
Mark Bowker, senior analyst at Enterprise Strategy Group, said password managers have become an important tool for businesses as security practices have evolved.
"Usernames and passwords no longer are adequate," he said. "Even though most companies rely on usernames and passwords for authentication, I think companies' eyes were starting to open, prior to COVID-19, that [they] were no longer acceptable."
Hence, Bowker said, Microsoft's drive to incorporate smartphones -- devices that are already in the pockets of most users -- into securing accounts.
Mueller, though, said he would have liked to have seen greater parity between the various OS versions of the app.
"One could only wish that Microsoft [would release updates] at the same time for iOS and Android -- the No. 1 smartphone OS on this planet -- [which is] something Microsoft stumbled again with this release," he said.
The future of security
Bowker believes enterprises will add new means of authentication in the future, although he does not believe usernames and passwords will be going extinct anytime soon.
"The user will have to enter their username and password less often," he said, adding that security may focus more on biometrics in the future, perhaps even using the fingerprint scanners or facial identification measures that are now being built into phones. "COVID-19 will only accelerate the value of those, and how companies want to use them."
A situation in which the password is minimized -- or even eliminated entirely -- while stronger measures like biometrics are favored, Hewitt said, might be both simpler for users and more secure for businesses.
"A passwordless [option] is really something [that] can improve security, but doesn't require someone's brainpower to memorize everything," he said.