Windows 10 will offer new two-factor authentication method
Microsoft is addressing security threats in its upcoming release of Windows 10 by strengthening identity protection and access control, information protection, and threat resistance, according to a Windows blog post by Jim Alkove.
Windows 10 will move away from single-factor authentication options, such as passwords.
The multi-factor security feature is built right into the new operating system and device itself, eliminating the need for additional hardware security peripherals.
As Alkove explains, two-factor authentication ensures that the device itself is required for authentication, with the second factor being a PIN or a biometric, such as a fingerprint.
This means that an attacker would require the user’s physical device and the means to use the user’s credential, which in turn would require access to the user’s PIN or biometric information.
Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a smartphone, which will serve as their mobile credential.
The credential will enable users to sign in to all of their PCs, networks, and web services as long as they also have their smartphone close by.
Using Bluetooth or Wi-Fi communication, the smartphone will act like a remote smartcard to provide two-factor authentication for both local sign-in and remote access.
The credential can be either a cryptographically generated key pair (private and public keys) created by Windows itself or a certificate provisioned to the device from an existing PKI.
By offering both of these options, Windows 10 accommodates organizations with existing PKI investments and also supports web and consumer situations where PKI-backed identity does not make sense.
Additionally, Active Directory, Azure Active Directory, and Microsoft Accounts will all support the new Windows 10 user credentials solution right out of the box.