Windows 10 Eliminates Passwords - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Operating Systems
News
3/17/2015
05:05 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Windows 10 Eliminates Passwords

Microsoft is bringing more personalization and security features to Windows 10, including biometric authentication to unlock a device.

Windows At 30: Microsoft's OS Keeps Evolving
Windows At 30: Microsoft's OS Keeps Evolving
(Click image for larger view and slideshow.)

Microsoft is demonstrating its growing focus on personalization as the launch of Windows 10 slowly rolls closer. New updates indicate that it plans to try biometric authentication in hopes of bringing more convenience and security to compatible devices.

At its Redmond press event on Jan. 21, officials described the new OS as "the first step to an era of more personal computing." The goal is to go beyond standalone mobile devices and create features that let content make the transition from one device to another.

The latest upgrade designed to improve the mobile user experience is Windows Hello, a biometric authentication system that provides instant identity verification to devices running Windows 10. Windows Hello has system support that allows users to unlock a device by scanning their face, iris, or fingerprint rather than typing a password.

In a March 17 blog post on the announcement, Microsoft's Joe Belfiore writes that the Windows Hello system authenticates applications, certain online experiences, and enterprise content without the necessity of stowing a password. The technology is safer and more convenient than traditional passwords, he claims.

[Microsoft Office Delve Learns From You]

While passwords are the primary means to secure personal data today, they're not as safe as most people like to think, Belfiore writes. Tight device security requires users to implement dozens of passwords, many of which people keep simple for memorization purposes. Simple passwords are vulnerable to hacks.

The system requires specialized hardware, such as a fingerprint reader, an illuminated IR sensor, or another biometric sensor to function. Belfiore said there are "plenty of exciting new Windows 10 devices" which will support Windows Hello that already have fingerprint scanners.  

How does it work? A combination of hardware and software, including infrared cameras, verify that the user is providing an accurate identity, and not a picture of someone else. Microsoft promises the system contains enterprise-grade security that can be safely used within government, finance, healthcare, and other sensitive businesses.

Microsoft is collaborating with hardware partners to launch Windows Hello-compatible devices to roll out with Windows 10. All OEM systems that feature the Intel RealSense 3D camera will support facial and iris authentication.

In an additional effort to reduce the need for password authentication, Microsoft is bringing a feature called "Passport" to Windows 10. It's a programming system that promises more secure sign-in for IT managers, software developers, and website authors. The system will authenticate users on networks, apps, and websites without storing a password that is potentially vulnerable to hackers.


(Image: Microsoft)

(Image: Microsoft)

Before authenticating on behalf of a Windows 10 user, Passport will verify the correct owner has possession of a device with a PIN, using Windows Hello on compatible products. Once the user is authenticated, he or she has access to a range of services and websites such as business networks, financial institutions, email, and social networks.

Windows 10 will also provide security and identity protection for enterprises so that they can offer employees new devices that run Windows 10 with the hardware to support Windows Hello. This will enable greater security and password-free authentication for business applications. 

Belfiore notes the importance of protecting biometric data and writes that both Windows Hello and Passport are opt-in services. Biometric information is stored locally on Windows 10 devices and is only used to unlock the device and the Passport feature. It isn't used to authenticate users over a network.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly22
50%
50%
Kelly22,
User Rank: Strategist
3/23/2015 | 11:21:52 AM
Re: Using only Bio-Metrics is Unsecure
From what I've seen, two-factor authentication is a pretty solid means of keeping accounts secure. The problem is, most people are too lazy to use it. Sure, it's annoying, but a small price to pay for tight security.
SunitaT0
50%
50%
SunitaT0,
User Rank: Ninja
3/22/2015 | 10:54:19 PM
Re: Using only Bio-Metrics is Unsecure
I really like this synchronized access from a device enabled to the PC. Really eliminates all sorts of dependence on the IT department to secure my access. I just would be so happy if they introduced a powerful firewall.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/19/2015 | 3:08:09 PM
Re: Using only Bio-Metrics is Unsecure
I am talking about home users too (although this a business tech site, so...)

I use dual authentication to get into my gmail and my old hotmail account.  No one has ever broken into either account.
hho927
50%
50%
hho927,
User Rank: Ninja
3/19/2015 | 2:29:32 PM
Re: Using only Bio-Metrics is Unsecure
We're talking about home users(regular users).

If we're talking about corp users, I agree with you. Corporations may have many layers of authentication to grand users access. Employees have to do it, because it's part of their job.

LOL My co-workers whine: Why it's so difficult to get access? IT dept makes our job more difficult. Computer suppose to make work easier not harder. My answer is : It's not suppose to be easy because if it's easy everybody can access. I'm not going to compromise our security.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
3/19/2015 | 2:13:10 PM
Re: Using only Bio-Metrics is Unsecure
The only means I've personally found to be secure - in the sense that no one has ever been able to access accounts without me knowing or have my permission - are those that require dual authentication methods.

In our enterprise, we are also require dual authentication for anyone to remote into the office via Citrix, meaning they need both the ICA Client installed along with a One Time Code when they log in to the web portal.  This type of setup is the result of security audits by our banking clients.
hho927
50%
50%
hho927,
User Rank: Ninja
3/18/2015 | 1:05:49 PM
Re: Using only Bio-Metrics is Unsecure
:-)

There is nothing secure if users are not aware of anything. If a copy of your finger print is stolen then everything can be stolen.

The most popular password is still 12345. If you make multilayer authentication, do you think the 47% of the population willing to do it? LOL I think not.

BTW: most home computers don't use any password.

 
pea-are
50%
50%
pea-are,
User Rank: Apprentice
3/18/2015 | 9:55:35 AM
Using only Bio-Metrics is Unsecure
Let's not forget that fingerprint readers are just as (or even more) easily by-passed than traditional passwords. Jan Krissler demostrated at the Chaos Computer Club how a fingerprint could be stolen from a high resolution image. 

Using biometrics instead of a password isn't really a fix. It's just giving users another false sense of security. It would be better if Windows recommended users perform multifactor authentication. I'd love to see a pop-up the first time a user logs on suggesting to setup multifactor or the Windows Security Center alerting when multifactor isn't enabled. That would be real progress. It appears that Windows is trying to be trendy and relevant.
Brian.Dean
100%
0%
Brian.Dean,
User Rank: Ninja
3/18/2015 | 6:37:01 AM
Re: Face recognition
Good point @hho927, the limitation of biometric authentication is very real as you described. I feel that passwords have provided the world a good starting point but, as the number of services and devices continue to increase, it become difficult for the consumer or business user to remember 200+ user names and passwords -- biometrics seems to be the best option at the moment.
hho927
100%
0%
hho927,
User Rank: Ninja
3/17/2015 | 7:28:06 PM
Face recognition
I'm using face recognition system. It doesn't work out well. Put on a hat = it confuses. Longer hair = it confuses.

I'm using a finger print reader now. It works well.

Anyway, underneath all of those, it's still a password base system. The software translate my finger prints, face into a password.
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll