Microsoft has announced that Windows Hello, its password-free biometric authentication system, has been FIDO2 certified, according to reports.
FIDO2 is a cryptography-based authentication standard, and using it makes it easier to sign into services and apps securely. It was originally developed by Google and Yubico, before the Fast IDentity Online (FIDO) alliance took it over.
This new system will replace passwords, which can be hard to remember and easy to hack.
“No one likes passwords (except hackers),” Yogesh Mehta, group manager of Microsoft’s crypto, identity and authentication team in Azure Core OS, wrote in a Microsoft blog post. “People don’t like passwords because we have to remember them. As a result, we often create passwords that are easy to guess — which makes them the first target for hackers trying to access your computer or network at work.”
There’s been movement lately toward a passwordless web, and several browsers, including Mozilla Firefox, Opera and Google Chrome, have added support for WebAuthn, which is a key standard for authentication.
Now, to generate and authenticate the keys, users can choose things like facial recognition, a smartphone or even an external authenticator.
This technology is still fairly nascent, so the issue developers may run into is picking a decided set of protocols on how the browsers and authenticators talk to each other. Collectively, those rules are called CTAP (Client to Authenticator Protocol).