Microsoft will be implementing a new means of user authentication in the form of Windows Hello. The system will allow users to replace passwords with more secure biometric authentication methods like facial recognition, iris scanning, or fingerprint sensors.
Windows Hello will be made part of the upcoming Windows 10 operating system, and Microsoft is promising a range of devices that will support the biometric scanning. The announcement post mentions that machines that already have a fingerprint scanner will be able to use it for Windows Hello, while facial and iris recognition will require a special combination of hardware and software.
The idea is that Windows Hello will make it easier for computer users to log into their machines, while also increasing security. While the average home consumer probably won’t get much mileage out of this trick, the impact will be much bigger on enterprise users. Especially if it removes the need for employees to change their passwords on a regular basis. It would also make business systems more secure in the event that the machines are stolen.
However, Microsoft is not just stopping there. It has also introduced Windows Passport, a form of public key cryptography, where the private key is store solely on the users device. This removes the need for users to have passwords for online accounts, and are instead verified based on the device that they are using. Ideally, this means that it is impossible for an account to be hacked without first stealing the computer.
Combined with Windows Hello, Windows Passport will create a more secure experience for users. Seeing that any hacker would need to not only steal the computer, but also the users, face, fingerprints, or eyes. While it might not stop a determined criminal, it should deter the usual cyber-criminal who simply wants to hijack social media accounts for laughs.
To make Windows Passport more useful, Microsoft has also joined the Fast Identity Online (FIDO) Alliance, which includes industry giants like ARM, Google, and the Alibaba Group. Ideally, this would remove the need to remember passwords across the internet; but it is too early to say just how many services will pick up public key cryptography as a login option.
Microsoft is currently working with hardware partners to make Windows Hello compatible with all devices that ship with Windows 10, and has already announced that OEM systems shipping with Intel’s RealSense 3D camera will be ready to use the facial recognition system. It is likely that facial recognition will be the most popular option, considering that fingerprint and iris scanning will both require additional hardware that could affect the cost of the devices.
It is interesting to see Microsoft trying to improve security by removing passwords from the equation. That being said, it is unknown how it will interact with mobile devices. Microsoft has not mentioned smartphones and tablets especially considering that none of the Microsoft smartphones have any fingerprint sensors. However, considering that Microsoft is trying to make the Windows 10 experience the same across all platforms, it may only be a matter of time before we see Windows Hello and Passport for mobile as well.
[Source: Windows Blog]