Windows 10 Security Upgrades: Hello, Passport, FIDO

Windows10HelloWindows 10 will be featuring a built in security feature called Hello, as well as Passport, for online security, and is supporting the FIDO Alliance as well.  Hello will use fingerprint, facial recognition or iris scanning to authenticate you to your computer, and from there, authenticate you to your domain or workgroup resources.  The facial recognition camera will use infrared to get around recognition issues that may be caused by the addition or subtraction of facial hair in men, or the presence or absence of make-up in women.  IR also overcomes problems with differing lighting levels.  This camera will be used for iris scanning as well.

Windows Hello will provide the Enterprise-grade security and privacy required by government, defense, financial, health care, and other highly regulated operations. Windows Hello is using asymmetric key cryptography to authenticate users, and is similar to the technology that powers security in SmartCards. So the security level will be very robust, and offered, as it is, built into the Windows operating system, will require little effort from users.

Windows Passport continues this encrypted level of authentication outward to the Internet, specifically to Microsoft sites such as Outlook.com, OneDrive, and other web accounts that Microsoft controls.  Once Windows Hello has verified identity, it will unlock your Microsoft Passport on this system and allow access to online sites and services that use your Microsoft account. Passport also eliminates the need for online sites to store your password online where they are at risk in a cyber-attack.  Only the public keys or half of your encryption key is stored online. The main encryption key is remains secured to your computer.

Their support of the FIDO Alliance extends this commitment to non-Microsoft sites and services in a meaningful way.  The fact that Microsoft is committed to an open source standard is a refreshing change of pace for a company that has leaned on forcing proprietary solutions onto customers that lack interoperability with non-Microsoft systems and software.

We have been warning about the problem with passwords and their immanent demise as a useful security method and are encouraged with these developments in Redmond.

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.