Microsoft Passwordless Biometric Authentication Is Now FIDO2 Certified


Microsoft has announced that Windows Hello, its password-free biometric authentication system, has been FIDO2 certified, according to reports.

FIDO2 is a cryptography-based authentication standard that makes it easier to sign in to services and apps securely. It was originally developed by Google and Yubico, before the Fast IDentity Online (FIDO) Alliance took it over.

This new system will replace passwords, which can be hard to remember and easy to hack.

“No one likes passwords (except hackers),” Yogesh Mehta, group manager of Microsoft’s crypto, identity and authentication team in Azure Core OS, wrote in a Microsoft blog post. “People don’t like passwords because we have to remember them. As a result, we often create passwords that are easy to guess — which makes them the first target for hackers trying to access your computer or network at work.”

There’s been movement lately toward a passwordless web, and several browsers, including Mozilla Firefox, Opera and Google Chrome, have added support for WebAuthn, which is a key standard for authentication.

The technology makes use of public-key encryption, which involves two keys: one private and one public. The idea is that users can send a message to someone using that person's public key, and when the recipient receives the message they use their private key to decrypt it. Basically, it is a piece of JavaScript running in the browser that acts as an intermediary between the user and a site.

Now, to generate and authenticate the keys, users can choose things like facial recognition, a smartphone or even an external authenticator.

Once the authenticator confirms the biometric information, it encrypts the response using a private key and sends it back to the browser, which hands it to the website's client-side JavaScript code. From there, it goes back to the server.

This technology is still fairly nascent, so one issue developers may run into is settling on an agreed set of protocols for how browsers and authenticators talk to each other. Collectively, those rules are called CTAP (Client to Authenticator Protocol).