Tuesday, May 05, 2015

security: Microsoft Passport and Windows Hello

Microsoft Passport and Windows Hello: Moving Beyond Passwords and Credential Theft | Build 2015 | Channel 9
"Microsoft Passport in Windows 10... is easy to deploy, always multi-factor, theft- and phish-proof, interoperable on premise and on the web, and so inexpensive that there is almost no excuse to not take advantage of it...Windows Hello: biometric authentication which can provide instant access to your Microsoft Passport"

Another Microsoft attempt to provide end-to-end security solution, this time  included in Windows 10. Windows "Hello" is a biometric authentication  platform, with
  • face-recognition, 
  • fingeprint and 
  • iris-scan
Microsoft "Passport" is a PKI based authentication system that replaces passwords. For each application (or site), "Passport" creates a (RSA) pair of keys, publishes public key to the other side, and saves private key in a local secured storage. Where available on a computer, hardware protection is used to store private keys. Access to authentication system is protested by a PIN (4-digit number, like on iOS or Android), with progressive slowing down on retries. "Hello" authentication can be used instead of PIN... A similar solution was in Vista/7 but was not popular... will this be better accepted?

Microsoft Passport is based on FIDO Alliance standard.


No comments: