Microsoft has introduced new security measures for its Account holders requiring signing in with face or a security key instead of the regular password, which feature makes use of the Windows Hello biometric security or a physical security key.
The move is Microsoft’s attempt to make it pretty easy for users with poor password management and to reduce the incidence of account hacking due to weak passwords, by allowing users to sign into its services without requiring a username or password.
For the feature to work, you must be running the Windows 10 October 2018 Update and using Microsoft’s Edge browser, with your security key compatible with the FIDO2 CTAP specification which technology powers the new security measures.
Albeit, this is not actual killing of the password, as it comes with some pretty strict requirements, though lots of individual still don’t bother using a password manager, and most passwords are terribly poor.
The process isn't quite a take-on the common two-factor authentication, whereby a user has to first enter a username and password, before a message is sent to phone for completion of log-in, as it works minus the initial factors.
This new capability is implemented using Windows Hello and FIDO2 specifications, and based on Windows 10 built-in secure enclave, known as hardware trusted platform module (TPM) or a software TPM.
Unlike the password, FIDO2 protects user credentials using public/private key encryption, while the private key is stored securely on the device and can only be used after it has been unlocked using a local gesture like biometric or PIN.
And with more browsers and platforms supporting the WebAuthn and FIDO2 standards, the password-less experience — which is now only available on Microsoft Edge and Windows 10 — will be a possible experience everywhere!
No comments