Tech giants Microsoft and Google are doubling down on passwordless authentication as new reports reveal the growing ineffectiveness of traditional passwords in safeguarding online accounts. Originally published on March 25, this story has been updated to include emerging research into the superiority of passkeys, expanded availability of Google’s hardware passkeys, and Microsoft’s decision to move away from passwords altogether—a move that impacts over a billion users.
The Password Problem
The warning signs have been loud and clear: passwords are no longer enough. With the surge of sophisticated infostealer malware and automated hacking tools, billions of credentials have been exposed to threat actors. Recent data shows more than 85 million of the most recently stolen passwords are actively being used in ongoing cyberattacks. A worrying development is the increased use of session cookies by hackers, allowing them to bypass two-factor authentication (2FA). This means even users who believe they are protected by OTPs and app-based authenticators could still be vulnerable if their session data is hijacked.
ALSO READ: Now Open: Pan-India Registration for Fraud Investigators!
The Rise of “Atlantis AIO”
The urgency of the situation has been underscored by the emergence of a powerful tool used by cybercriminals: Atlantis AIO (All-In-One). This automated hacking machine has reportedly been leveraging millions of stolen credentials to infiltrate everything from email and VPNs to streaming platforms and food delivery services.
What makes Atlantis AIO particularly dangerous is its efficiency. Once equipped with stolen credentials, the tool tests them across various platforms, looking for matches—a technique known as credential stuffing. It’s a volume game, and unfortunately, with billions of passwords already compromised, the odds are increasingly in the attackers’ favor.
Google and Microsoft Lead the Charge
In response, Google is expanding the availability of its hardware-based passkeys—physical devices or biometrics-enabled logins that eliminate the need for typed-in passwords. Google’s latest research highlights that passkeys are not only easier to use but drastically more secure than passwords, even when combined with 2FA. Microsoft, too, has taken a major leap. The company announced it is now phasing out passwords for its services entirely, a move that affects over a billion users globally. Instead, Microsoft is encouraging users to adopt authentication through Windows Hello, Microsoft Authenticator, physical security keys, or biometrics. This change aims to eliminate one of the weakest links in cybersecurity: password reuse and poor password hygiene.
Empanelment for Speakers, Trainers, and Cyber Security Experts Opens at Future Crime Research Foundation
Why Passwordless is the Future
Security experts agree that the move away from passwords is long overdue. Traditional passwords are often reused, predictable, and vulnerable to phishing and brute-force attacks. Passwordless solutions—such as passkeys, biometrics, and hardware tokens—are far less susceptible to these risks and offer a user-friendly experience. The FIDO Alliance, which includes Apple, Google, and Microsoft, has been championing passwordless standards for years. Now, with the rise of automated hacking tools like Atlantis AIO and growing threats from infostealers, that vision is becoming a necessity.
What Users Should Do
The message for users is clear: stop relying solely on passwords. Here’s what cybersecurity experts recommend:
- Adopt passkeys or security keys: Use biometric or hardware-based logins wherever supported.
- Enable multi-factor authentication: But know its limits and avoid SMS-based options.
- Avoid password reuse: Use a password manager to generate and store unique credentials.
- Monitor accounts regularly: Watch for suspicious login activity and use breach detection services.
- Be alert for phishing scams: Even the best technology won’t protect against human error.
Final Word
The transition to a passwordless future isn’t just a tech trend—it’s fast becoming a cybersecurity imperative. As tools like Atlantis AIO make it easier for criminals to exploit our reliance on outdated security practices, companies and individuals alike must embrace stronger, smarter alternatives. Because in the digital age, it’s not just about protecting data—it’s about protecting lives.
Follow The420.in on
Telegram, Facebook, Twitter, LinkedIn, Instagram and YouTube
