Microsoft will add biometric authentication support to Windows 10.
Redmond revealed its intention to do so at the White House Cybersecurity and Consumer Protection, where group program manager for Windows security and identity Dustin Ingalls announced the company has “contributed design inputs to the Fast IDentity Online (FIDO) Alliance”. Those contributions will make it into the second version of the FIDO spec.
The FIDO Alliance aims “to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords.” The group “plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services.”
Two authentication methods are envisaged, as explained in the graphic below.
The FIDO Alliance's preferred authentication methods
Ingalls writes that Microsoft's work on FIDO has been slipped into the current Windows 10 Technical preview, which allows logging in to “Windows 10 sign-in, Azure Active Directory, and access to major SaaS services like Office 365 Exchange Online, Salesforce, Citrix, Box, Concur” and other services “using an enterprise-grade two-factor authentication solution – all without a password.”
Microsoft reckons punters and corporate IT types alike are going to enjoy FIDO in Windows 10 and with supercolossal breaches now a just-about-weekly event its hard to argue with that assertion. ®