Microsoft is looking to banish passwords to log onto windows devices and is using technology with Windows Hello such as multi-factor authentication and biotmetrics in lieu of that.

According to Microsoft’s Principal Program Manager for Enterprise Security Karanbir Singh,

Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them – a world without passwords.

Singh indicated that the goal was to make it possible for end users to never deal with a password in their day-to-day lives, and to provide instead user credentials that cannot be cracked, breached, or phished.

For Microsoft, multi-factor authentication and biometrics is seen as a good replacement for passwords – using a physical key, and/or your face or fingerprint to log into your device instead of a string of letters and numbers. Microsoft’s Windows Hello biometric log-in is now being used by over 47 million users and that more than 5,000 businesses have deployed Windows Hello for Business, which is used on over one million commercial devices.

Another technology in the mix is the Microsoft Authenticator app, which allows you to access your Microsoft account using your mobile phone.

Thus according to Singh, that part of the Windows 10 April 2018 update, with Windows 10 in S mode, cloud users – using Managed Service Account or Azure Active Directory – now can use their Windows 10 PC (with S mode enabled) without ever having to enter their passwords, by simply using the authenticator app as well as Windows Hello.

According to Microsoft, following the ratification of Fast Identity Online FIDO2 security keys by the FIDO working group, it is now updating Windows Hello to enable secure authentication in more scenarios.

Microsoft is also working on a private preview for shared PCs to allow users to log on using FIDO2 Security keys, allowing staff to carry their credentials with them and authenticate to any Azure AD-joined Windows 10 shared PC that’s part of their organization.

With this, a user can walk up to any device belonging to the organization and authenticate in a secure way without the need to enter a username and password, or set up Windows Hello beforehand. Windows Hello FIDO2 Security Key feature is now in limited preview: customers can register for the waitlist if they want to be involved, said Singh.

Scenarios where this could be useful include at a helpdesk, where an employee can walk up to any device and log in using Windows Hello rather than username and password, or in healthcare where medical staff need access to patient records on a device no matter where the patient is located.

Was this article helpful?