Microsoft has announced that it will be transitioning away from passwords in Windows 10 in an effort to increase security. The technology giant is a member of the Fast Identity Online (FIDO) Alliance, which also includes many other industry leaders like ARM, Google, and the Alibaba Group. What this means for the new operating system is still unclear, although the company has said that the feature is appearing in the technical preview.
There is little specific information about what features Microsoft is implementing, although it was said that Windows 10 will adopt the protocols agreed upon by FIDO. There are two finalised standards from the alliance, and both are based on public key cryptography. The idea is that the user will create a matching crytographic key pair during registration, of which one will be kept private with the user while the other becomes a public key and is stored with the client.
The private key stored with the user remains locked until opened with a secure action, such as a finger print, pressing a physical button on the device, speaking into a microphone, or even entering a PIN.
A blog post from Microsoft says that it will be implementing the FIDO 2.0 standards, and that Windows Insiders can start evaluating the programme right away. However, most of the features are currently centered on enterprise situations, which many users will not encounter; or will avoid using until the final build is released.
Still, it is a good sign to see Microsoft dedicated to improving security standards in the world’s most used OS. With any luck, we will see fewer incidents of passwords being stolen or brute force hacking of user accounts. Windows 10 is due out later this year and it will be interesting to see how many technology companies can implement the FIDO standards as well.
[Source: Microsoft]
