
FIDO2, Windows 10's Password Replacement, Now Ready

It's now possible to use devices based on the Fast IDentity Online 2.0 (FIDO2) protocol with a Microsoft account and Windows 10 version 1809 to verify user access, Microsoft announced on Monday.

Essentially, this capability obviates the need for a password. It works with desktop and mobile devices, permitting access to applications such as Microsoft Office, Outlook and Skype. However, a Microsoft document stated that "this functionality is not available yet on phones."

Organizations can use a FIDO2-based device or they can use Windows Hello, Microsoft's biometric identity solution, with a Microsoft account. The FIDO2 devices supported might be a USB thumb drive with a fingerprint reader, or some other kind of security key.

The ability to work with a Microsoft account is only available in the U.S. market right now. However, it'll be available worldwide "over the next few weeks," Microsoft's announcement promised.

The FIDO2 capability requires using the Windows 10 October 2018 Update (version 1809), as well as the Microsoft Edge browser. Despite its rerelease earlier this month, Windows 10 version 1809 may still be blocked for some users because of new problems found with Intel display drivers, and a few other problems, as listed in Microsoft's Windows 10 Update History page.

To use the capability, Microsoft's announcement suggested that organizations will need to buy a security key that supports the FIDO2 standard. The criteria are outlined in this document.

Microsoft is using the WebAuthn and FIDO2 CTAP2 specifications, which require that both a private key and a public key be added to a device. Organizations will need to have a Trusted Platform Module on the device to store these keys. The Trusted Platform Module can be implemented via hardware or software.

Microsoft is claiming that it's among "the first in the world to deploy FIDO2" in its products, according to this blog post, which described the standard. It added that Windows 10 version 1809 has support for the "latest WebAuthn Candidate release," which is "a stable release not expected to normatively change before the specification is finally ratified."

On top of the Microsoft account support for FIDO2 in Windows 10 version 1809, it'll be possible to get FIDO2 support using Azure Active Directory work or school accounts in the near future.

"We are currently building the same sign-in experience from a browser with security keys for work and school accounts in Azure Active Directory," Microsoft's announcement explained. "Enterprise customers will be able to preview this early next year, where they will be able to allow their employees to set up their own security keys for their account to sign in to Windows 10 and the cloud."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
