Windows 10 says Hello to no passwords with FIDO2 certification

Microsoft moves 800 million people closer to a no-password world.

From passwords to biometrics: How far are we willing to go? Getting rid of passwords is a good idea, but we need to think through the consequences of the most likely replacement, too. Read more: https://zd.net/2Oj7xvX

Microsoft has passed another milestone on its quest to kill off passwords. The company has now gained official FIDO2 certification for Windows Hello, the Windows 10 biometric authentication system. 

The certification applies to Windows 10 version 1903, aka the May 2019 Update, which is scheduled to be released to the public in late May and means Windows Hello has been approved as a FIDO2 'authenticator'.  

SEE: 10 tips for new cybersecurity pros (free PDF)

Windows Hello offers Windows 10 users access to their devices by using a fingerprint or facial-recognition sensors on the PC as well as PINs.      

"No one likes passwords (except hackers)," says Yogesh Mehta, group manager for Microsoft's crypto, identity and authentication team in Azure Core OS.

"People don't like passwords because we have to remember them. As a result, we often create passwords that are easy to guess – which makes them the first target for hackers trying to access your computer or network at work."

Consumers can expect to start seeing FIDO Certified logos on new Windows 10 PCs, and they'll be able to sign in to online accounts using Windows Hello on all PCs upgraded to version 1903 using the FIDO2 standard

The certification is part of an industry-wide push for passwordless sign-in, which includes the WebAuthn or Web Authentication WC3 standard that's supported by Mozilla Firefox, Microsoft Edge, and Google Chrome. The standard also has preview support in Apple Safari while Chrome on Android has been officially FIDO2 certificated. 

With WebAuthn users can register and authenticate on websites or apps using an 'authenticator' – such as Windows Hello – instead of a password. That authenticator can be a hardware security key that the user has connected to a computer. It can also be a biometric ID acquired from a PC or smartphone biometric sensor. WebAuthn was officially endorsed in March

The Windows 10 1903 FIDO2 certification extends beyond Microsoft's own software. For example, Windows 10 users who prefer Mozilla Firefox will be able to log into their Microsoft Account and other FIDO-supporting sites with Windows Hello. Additionally, users of Microsoft's Chromium-based Edge will be able to do the same soon. 

Microsoft sites that users should be able to sign into with Windows Hello – be it on Edge, Chrome or Firefox – include Outlook.com, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live on the PC, Mixer, Microsoft Store, Bing, and MSN.

While major online services like Dropbox currently support WebAuthn, not everyone's convinced that Microsoft's Windows Hello technology is suitable. 

UK banking group Lloyds recently announced it had no intention to support Windows Hello for logging into online accounts. 

More on Microsoft, Windows and passwords