Microsoft recently announced that Windows 10 will support the Fast Identity Online (FIDO) 2.0 specification.
Instead of typing passwords to access Microsoft services and other third-party accounts, people will be able to use a fingerprint or eye scan, possibly combined with a key fob as a second factor for added security.
Biometric scanners have already been integrated into numerous devices such as smartphones, laptops, and tablets. But FIDO is an open standard, meaning any company can implement it in its products or services.
During the registration process with an online service, the user’s device creates a new key pair. The device retains the private key and registers the public key with the online service. Authentication is performed by the user’s device proving possession of the private key to the service by signing a challenge. Private keys can be used only after they are unlocked locally on the device by the user. The local unlock is done by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button. Biometric information, if used, is kept on the user’s device.
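The registration and challenge-signing flow described above, as an added example that is not Microsoft's or the FIDO Alliance's code. It is a simplified model rather than the FIDO wire format: the class names, the PIN as the local unlock, the P-256 key type and the service id mixed into the signed data are all assumptions made for illustration.

```javascript
// Simplified model of FIDO-style registration and authentication (assumed names, not the real wire format).
const crypto = require("node:crypto");

// The user's device: holds private keys and releases them only after a local unlock.
class Authenticator {
  constructor(pin) { this.pin = pin; this.keys = new Map(); }
  // Registration: create a new key pair for this service and hand out only the public key.
  register(serviceId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(serviceId, privateKey);
    return publicKey.export({ type: "spki", format: "pem" });
  }
  // Authentication: sign the challenge, but only after the local unlock succeeds.
  sign(serviceId, challenge, pin) {
    if (pin !== this.pin) throw new Error("local unlock failed");
    const data = Buffer.concat([Buffer.from(serviceId), challenge]);
    return crypto.sign("sha256", data, this.keys.get(serviceId));
  }
}

// The online service: stores public keys, issues one-time challenges, verifies signatures.
class Service {
  constructor(id) { this.id = id; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // single use: a replayed response finds no pending challenge
    if (!challenge || !this.publicKeys.has(user)) return false;
    const data = Buffer.concat([Buffer.from(this.id), challenge]);
    return crypto.verify("sha256", data, this.publicKeys.get(user), signature);
  }
}

function demo() {
  const device = new Authenticator("1234");        // constructed sample PIN
  const service = new Service("service.example");  // constructed service id
  service.enroll("alice", device.register(service.id));
  const sig = device.sign(service.id, service.newChallenge("alice"), "1234");
  const firstLogin = service.verify("alice", sig);
  const replay = service.verify("alice", sig);     // same response again, challenge already consumed
  let unlockRefused = false;
  try { device.sign(service.id, service.newChallenge("alice"), "0000"); } catch { unlockRefused = true; }
  return { firstLogin, replay, unlockRefused };
}
```

The service only ever stores the public key, so a breach of its database yields nothing that can sign a future challenge.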
Microsoft focused largely on features that would interest IT types, such as FIDO support for major enterprise-focused cloud services including Office 365 Exchange Online. But FIDO in Windows 10 will also work with consumer services such as Windows 10 sign-ins, Outlook.com, and OneDrive. For the first time, Microsoft end customers will get a professional authentication solution of the kind typically targeted at businesses.