Microsoft now officially supports biometric authentication in Web browser
Last week, Microsoft introduced official support for its Web Authentication specification in Microsoft Edge, its naive Web browser for Windows 10.
With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of passwords.
In March 2018, the FIDO Alliance announced that Microsoft’s Web Authentication APIs had reached candidate recommendation (CR) status by the World Wide Web Consortium (W3C), a major milestone for the maturity and interoperability of the specification.
Beginning with recently released build 17723, Microsoft Edge will support the CR version of Web Authentication. Microsoft’s implementation will provide the most complete support for Web Authentication to date, with support for a wider variety of authenticators than available in other browsers.
The new build will support Windows Hello, which allows users to authenticate without a password on any Windows 10 device, using biometrics—face and fingerprint recognition—or a PIN number to sign in to web sites. With Windows Hello face recognition, users can log in to sites that support Web Authentication in seconds, with just a glance.
The new specification will also allows users to leverage FIDO2 security keys to authenticate with a removable device and with biometrics or a personal information number (PIN). For Web sites that are not ready to move to a completely “password-less model”, backwards compatibility with FIDO U2F devices will provide a strong second factor in addition to a password.
Microsoft first introduced its Web Authentication specification in 2016, when the firm shipped the industry’s first preview implementation of the Web Authentication API in Microsoft Edge. Since that time, the company has been updating its implementation, working with numerous vendors along with the FIDO Alliance.
The software vendor continues to work with other industry partners on continually improving “password-less” experiences around the Web. At RSA 2018, Microsoft shared a sneak peak of how APIs could be used to approve a payment on the web using facial recognition. The firm believes that “password-less” authentication experiences will become the foundation for a world without passwords.