Microsoft has announced that Windows 10 will feature biometric authentication. More specifically, the technology titan has joined the Fast IDentity Online (FIDO) Alliance, and will contribute “design inputs” into the FIDO 2.0 technical specifications. Here’s how Microsoft says how FIDO works:
FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. Interoperability of FIDO products is a hallmark of FIDO authentication and for this reason we’re confident that it will succeed in transforming the industry.
To translate that into simple and clear, FIDO provides standards for integrating biometric and second-factor authentication technologies into all devices, apps, and other things whose builders and/or owners agree to implement FIDO’s standards.
Microsoft also states that it is building FIDO specifications into Windows 10’s “Technical Preview,” so that “members of the Windows Insider Program can start evaluating it right away.” The standards will be integrated into Windows 10 Sign In, Azure Active Directory, Office 365, Salesforce, Citrix, Box, Concur, and more. This means accessing the whole suite of Microsoft and partner apps without needing a password once.
Amid all this excitement about the wonderful future finally arriving, let us remember that biometric authentication techniques are not the silver bullet many had hoped. James Bourne at Enterprise Apps Tech News reminds us why:
Apple pushed out biometric protection for its iPhone 5S in 2013, which was promptly hacked by the Chaos Computer Club.
Fingerprints in particular are vulnerable to theft, as we leave them everywhere, and many other potential biometric authentication techniques rely on sensitive medical data which, if stolen, could result in serious legal trouble. The two factor architecture could help, but the effectiveness and utility of the system for organizations will hinge on which biometric techniques they choose to adopt. The framework to integrate it all together is therefore a necessary but insufficient condition for providing better identity and access management.
Latest posts by Doug Atkinson (see all)
- Yahoo Goes Passwordless to Access Account Services - April 6, 2015
- The Identity of Things Could Streamline Government Services - March 30, 2015
- The Third-Party Threat: Are You Safe? - March 18, 2015