FIDO2, Windows 10's Password Replacement, Now Ready

It's now possible to use devices based on the Fast IDentity Online 2.0 (FIDO2) protocol with a Microsoft account and Windows 10 version 1809 to verify user access, Microsoft announced on Monday.

Essentially, this capability obviates the need for a password. It works with desktop and mobile devices, permitting access to applications such as Microsoft Office, Outlook and Skype. However, a Microsoft document stated that "this functionality is not available yet on phones."

Organizations can use a FIDO2-based device or they can use Windows Hello, Microsoft's biometric identity solution, with a Microsoft account. The FIDO2 devices supported might be a USB thumb drive with a fingerprint reader, or some other kind of security key.

The ability to work with a Microsoft account is only available in the U.S. market right now. However, it'll be available worldwide "over the next few weeks," Microsoft's announcement promised.

The FIDO2 capability requires using the Windows 10 October 2018 Update (version 1809), as well as the Microsoft Edge browser. Despite its rerelease earlier this month, Windows 10 version 1809 may still be blocked for some users because of new problems found with Intel display drivers and a few other issues, as listed on Microsoft's Windows 10 Update History page.

To use the capability, Microsoft's announcement suggested that organizations will need to buy a security key that supports the FIDO2 standard. The criteria are outlined in this document.

Microsoft is using the WebAuthn and FIDO2 CTAP2 specifications, which require that both a private and public key get added to a device. Organizations will need to have a Trusted Platform Module on the device to store these keys. The Trusted Platform Module can be implemented via hardware or software.

Microsoft is claiming that it's among "the first in the world to deploy FIDO2" in its products, according to this blog post, which described the standard. It added that Windows 10 version 1809 has support for the "latest WebAuthn Candidate release," which is "a stable release not expected to normatively change before the specification is finally ratified."

On top of the Microsoft account support for FIDO2 in Windows 10 version 1809, it'll be possible to get FIDO2 support using Azure Active Directory work or school accounts in the near future.

"We are currently building the same sign-in experience from a browser with security keys for work and school accounts in Azure Active Directory," Microsoft's announcement explained. "Enterprise customers will be able to preview this early next year, where they will be able to allow their employees to set up their own security keys for their account to sign in to Windows 10 and the cloud."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
