Microsoft introduces biometric protection to Web browser
Microsoft has announced that its latest generation of Web browser will natively support its new biometric authentication standard.
In a blog post published earlier this week, Microsoft said that its new Edge browser, which is the default browser available with Windows 10 operating system, will support Windows Hello.
Windows Hello is described as a more personal way to sign in Windows 10 devices with just a look or a touch. Microsoft claims to enable enterprise-grade security through the process, without having users type-in a password.
Windows 10 incorporates multi-factor authentication technology based upon standards developed by the FIDO Alliance. The operating system includes improved support for biometric authentication through Windows Hello software and devices with supported cameras which allow users to login with face- or iris-recognition.
Devices with supported readers support fingerprint-recognition login. Credentials are stored locally and protected using asymmetric encryption.
The blog notes that Microsoft looks “forward to a Web where the user doesn’t need to remember a password, and the server doesn’t need to store a password in order to authenticate that user. Windows Hello, combined with Web Authentication, enables this vision with biometrics and asymmetric cryptography. In order to authenticate a user, the server sends down a plain text challenge to the browser. Once [we are] able to verify the user through Windows Hello, the system will sign the challenge with a private key previously provisioned for this user and send the signature back to the server. If the server can validate the signature using the public key it has for that user and verify the challenge is correct, it can authenticate the user securely.”
Microsoft notes that the new private keys issued under Windows Hello are stronger credentials because the Windows Hello platform prevents password guessing, phishing, and keylogging, and it is resilient to server database attacks.