Microsoft has passed another milestone on its quest to kill off passwords. The company has now gained official FIDO2 certification for Windows Hello, the Windows 10 biometric authentication system.
Microsoft Build 201
The certification applies to Windows 10 version 1903, aka the May 2019 Update, which is scheduled to be released to the public in late May and means Windows Hello has been approved as a FIDO2 'authenticator'.
SEE: 10 tips for new cybersecurity pros (free PDF)
Windows Hello offers Windows 10 users access to their devices by using a fingerprint or facial-recognition sensors on the PC as well as PINs.
"No one likes passwords (except hackers)," says Yogesh Mehta, group manager for Microsoft's crypto, identity and authentication team in Azure Core OS.
"People don't like passwords because we have to remember them. As a result, we often create passwords that are easy to guess – which makes them the first target for hackers trying to access your computer or network at work."
Consumers can expect to start seeing FIDO Certified logos on new Windows 10 PCs, and they'll be able to sign in to online accounts using Windows Hello on all PCs upgraded to version 1903 using the FIDO2 standard.
The certification is part of an industry-wide push for passwordless sign-in, which includes the WebAuthn or Web Authentication WC3 standard that's supported by Mozilla Firefox, Microsoft Edge, and Google Chrome. The standard also has preview support in Apple Safari while Chrome on Android has been officially FIDO2 certificated.
With WebAuthn users can register and authenticate on websites or apps using an 'authenticator' – such as Windows Hello – instead of a password. That authenticator can be a hardware security key that the user has connected to a computer. It can also be a biometric ID acquired from a PC or smartphone biometric sensor. WebAuthn was officially endorsed in March.
The Windows 10 1903 FIDO2 certification extends beyond Microsoft's own software. For example, Windows 10 users who prefer Mozilla Firefox will be able to log into their Microsoft Account and other FIDO-supporting sites with Windows Hello. Additionally, users of Microsoft's Chromium-based Edge will be able to do the same soon.
Microsoft sites that users should be able to sign into with Windows Hello – be it on Edge, Chrome or Firefox – include Outlook.com, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live on the PC, Mixer, Microsoft Store, Bing, and MSN.
While major online services like Dropbox currently support WebAuthn, not everyone's convinced that Microsoft's Windows Hello technology is suitable.
UK banking group Lloyds recently announced it had no intention to support Windows Hello for logging into online accounts.
More on Microsoft, Windows and passwords
- Windows 10: Microsoft ditches its 'ancient, obsolete' expiring password policy
- Windows 10: Bank says no plans to roll out Windows Hello after pilot project
- Gates predicts death of the password
- Windows 10: Microsoft's plan to kill passwords moves on with new test build
- Severe vulnerabilities uncovered in popular password managers
- Study shows programmers will take the easy way out and not implement proper password security
- Windows 10: Now it's tap or look to sign in to Outlook, Office 365, OneDrive, Skype
- Microsoft plans new 4K webcams to bring facial recognition to all Windows 10 devices, says report
- Windows 10 moves closer to killing off passwords with Edge WebAuthn logins
- Microsoft: This Azure password-banning tool will help kill off bad 'P@$$w0rd' habits TechRepublic
- Safari tests USB security key support to help fix our password problems CNET