Microsoft moves closer to password-less ecosystem

by Mark Tyson on 21 November 2018, 10:01

Tags: Microsoft (NASDAQ:MSFT), Windows 10

Microsoft has recently shared a blog post on the progress of its "mission to eliminate passwords" from the Windows ecosystem. It is making it easier than ever to set up security and protections for your PC, and this initiative includes using hardware security devices with Windows Hello. One of the major introductions is enabling the use of USB or NFC FIDO2 devices.

Ahead of its update on what it has done in Windows and key Microsoft applications to address quick and convenient secure logins, the firm first makes the case for going password-less. Microsoft thinks typed passwords are often "difficult to remember, are often reused and can be used to hack your account anywhere, anytime, from any device". It hopes that Windows Hello, and the various hardware-enhanced security methods it can use to verify your identity, are the solution.

For a while now, people have been using fingerprint readers and depth cameras to log into Windows and Windows Hello-aware apps quickly and securely. Microsoft has recently updated the Account Protection page of its Windows Security app, which will alert users if there is a way to improve security. Setting up Windows Hello has been made more accessible, as it is now possible to go straight to configuring this feature from the lock screen dialogue.

The headlining change highlighted in the Microsoft blog concerns setting up Windows Hello and Microsoft connected services to accept a Windows Hello or compatible security key. These compact hardware devices use a PIN or biometrics to unlock access to various Windows digital services. Using this new method, Windows users will be able to sign in to the likes of Outlook.com, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live on the PC, Mixer, Microsoft Store, Bing, and MSN.

Microsoft Edge has joined Google Chrome and Mozilla Firefox in its support for WebAuthn, which enables the use of these hardware security keys. A ZDNet article explains that the new hardware key security uses the FIDO2 standard, "where a private key is stored on the local device and requires a face, fingerprint or PIN code to unlock it. A public key is sent to Microsoft's account servers in the cloud and the key is registered with the user account."

If you are interested in getting a Microsoft-compatible FIDO2 security key for your desktop or laptop, it is recommended that you choose one from a Microsoft partner such as Yubico or Feitian Technology.



HEXUS Forums :: 14 Comments

I would rather someone tortured me to extract my password than just knock me out and unlock my computer with the convenient password override key in my back pocket.

Luckily they have stated it would need a second factor to finish the auth but in my organisation, it would always be a long PIN or a password.
MFA still has to be the way to go; Something you know, something you have, and something you are.
wilko
MFA still has to be the way to go; Something you know, something you have, and something you are.

Or “Something you forget, Something you lose and something you cease to be!”
YOLO and I think all the TLAs used in MFA for FIDO and CTAP at W3C will make U2F enough of a PITA to discourage any GI AWOL from the CO at the BBC RTU anyway…. Who needs passwords with all that guff??!!
mark_a_scott
Or “Something you forget, Something you lose and something you cease to be!”

Lol. Amen brother.