'

Passport name out, Hello anchors Windows 10 MFA platform

Windows 10 Anniversary Update showcases evolution of Microsoft's multi-factor authentication efforts

Microsoft is once again spiking the name Passport and will use Windows Hello alone to brand its end-to-end multi-factor authentication platform that is part of Windows 10.

With the platform's Anniversary Update, which was announced today and is expected to go live on Aug. 2, Windows Hello will become the sole brand of Windows 10 identity services and the company's flagship to eliminate passwords, according to a Microsoft TechNet blog post by Chris Hallum, a senior product manager at Microsoft.

This multi-factor service is aligned with Microsoft's participation in the FIDO Alliance and work on the FIDO 2.0 strong authentication protocol.

Passport was the name given to Microsoft's first attempt at developing a single sign-on service, but bugs, privacy concerns and dwindling support caused its demise in the early 2000s.

In Windows 10, Hello began as user verification based on factors such as biometrics and the user's own device. Passport was an additional credential on top of those that focused on authentication.

Now, the credential is part of Hello, which in the Windows 10 Anniversary Update supports devices along with PINs and biometrics as factors. The credential part remains largely the same, although without the Passport name.

"Factor" and "Credential" are two concepts that anchor the Windows Hello environment.

Aligned with the Anniversary Update, the Windows Hello Companion Device Framework allows vendors to build external devices (i.e. companions) such as a hard token, a wearable or a smartphone that work with Windows Hello. These devices, which can include characteristics that meet industry regulatory requirements for secure authentication such as FIPS 140-2, become another factor in a Windows 10 multi-factor authentication environment.

The second phase of Windows Hello development incorporates FIDO 2.0, a strong authentication protocol developed by the FIDO Alliance. The protocol was finalized late last year and a set of APIs was turned over the World Wide Web Consortium (W3C) for formal standardization. The W3C's WebAuthn Working Group aims to have a stable draft by September 2016.

Microsoft says Windows Hello multi-factor authentication is designed to work across platforms and everywhere on the Web. Key to that reality is the incorporation of the FIDO-built specifications. Once the W3C work is complete, Microsoft will make any needed changes and update Windows Hello, according to the blog post.