Microsoft’s Windows 10, reportedly to be released in late 2015, is supposed to have some sort of “password replacement solution”. Are you ready to move your company to fingerprint or other biometric authentication methods? Even though it could make signing in easier for users, how secure is it? Microsoft is allegedly adding support for the Fast Identity Online (Fido) standard to Windows 10. This addition will enable password-free sign-on for a number of applications.
What is FIDO?
The FIDO (Faster IDentity Online) alliance was formed in 2012. Among its members are Google, PayPal and MasterCard. Microsoft became a part of the alliance in late 2013. Its purpose is to develop universal specifications for systems that eliminate the need for passwords to ensure secure authentication for online users of services. In other words, if you go to a password-less system, FIDO specs makes sure that system in secure for users. FIDO launched its first set of specifications in late 2014. Specifically, these look at how various sites and services identify and authenticate users in a password-less and second-factor technology environment, such as smartphone fingerprint readers, USB dongles, face, and voice. The specifications look to see how these technologies interact with various sites and services.
It is the specifications promulgated by FIDO with which Microsoft promises its new version of Windows, Windows 10, will be in compliance. Thus, devices and software built in compliance with the specifications can work with the newly released platform. Microsoft claims that security will, in fact, be tightened with Windows 10. This new system will have built-in standards, which require two-factor authentication to every device. Phishing attacks and password database breaches will essentially be wiped out for organizations that widely adopt the new operating system.
Group program manager for Windows security and identity Dustin Ingalls writes that Windows 10 allows logging in to “Windows 10 sign-in, Azure Active Directory, and access to major SaaS services like Office 365 Exchange Online, Salesforce, Citrix, Box, Concur” and other services “using an enterprise-grade two-factor authentication solution – all without a password.” Apparently, also for services such as Outlook.com, Windows 10 will also include Active Directory integration and Microsoft Account integration.
Windows 10 promises to be a good addition to the security of your business. It will not only allow your IT department to free up time currently spent on providing forgotten passwords, but it will also provide more security in its authentication process. Moreover, one of the announcements coming out of Microsoft’s headquarters relating to Windows 10 is that it will be available for free for one year to users of Windows 7 and 8.
There is some indication this may only apply to consumers unless Windows is currently being used per license. However, this is positive news to consumers, and having Windows 10 on home computers no doubt will encourage companies to use it on employee PCs.