Microsoft is adding support for the Fast Identity Online (Fido) standard to Windows 10 to enable password-free sign-on for a number of applications.
PC users’ reliance on weak passwords that are easily cracked (and yet somehow still easy to forget, leaving the IT department with the tedious and time-consuming chore of managing them) coupled with regular password leaks by consumer apps mean moving to fingerprint or other biometric authentication methods could make signing in easier for users and make systems more secure as well.
Dustin Ingalls, Windows security and identity programme manager at Microsoft, said the company has contributed “design inputs” to the Fido’s upcoming 2.0 technical specs.
“Transitioning away from passwords and to a stronger form of identity is one of the great challenges that we face in online computing,” said Ingalls.
The Fido standards aim to create a “universal framework” for secure but password-free authentication. Fido supports biometrics such as face, voice, iris, and fingerprint or dongles, and members of the group include Samsung, Visa, PayPal, RSA, MasterCard, Google, Lenovo, ARM, and Bank of America as well as Microsoft.
Ingalls said the Fido implementation in the Windows 10 Technical Preview reflects Microsoft’s contribution to the Fido 2.0 specification technical working group, and showcases integration with Windows 10 sign-in, Azure Active Directory, and access to software-as-a-services packages like Office 365 Exchange Online, Salesforce, Citrix, Box, and Concur.
“With Windows 10, for the very first time Windows devices and Microsoft-owned and partner SaaS services supported by Azure Active Directory authentication can be accessed end-to-end using an enterprise-grade two-factor authentication solution – all without a password,” he said.
Windows 10 will also include Active Directory integration and Microsoft Account integration for consumer Microsoft services such as Outlook.com and OneDrive, Ingalls added.