More than 800 million people who use a Microsoft account can now securely log in without having to remember a password, the company has said.
These options are easier and more secure than manually typing in usernames and passwords.
“Microsoft has been on a mission to eliminate passwords and help people protect their data and accounts from threats,” Alex Simons, Corporate Vice-President of Program Management at Microsoft’s Identity Division, wrote in a blog post. “As a member of the Fast Identity Online (FIDO) Alliance and the World Wide Web Consortium, we’ve been working with others to develop open standards for the next generation of authentication. I’m happy to share that Microsoft is the first Fortune 500 company to support password-less authentication using the WebAuthn and FIDO2 specifications, and Microsoft Edge supports the widest array of authenticators compared to other major browsers.”
Unlike passwords, FIDO2 protects a user’s information by generating a public and a private key when you register a relevant device. The private key is stored securely on the PC, while the public key is held in Microsoft’s cloud. It can then be unlocked using Windows Hello or a personal identification number – which never leave the device – in a two-factor authentication process. When you try to log in, the Microsoft account system verifies the key.
To use the feature via Windows Hello, update to Windows 10 October 2018, open Edge, click “More Options” and “Use Windows Hello or a Security key”.
When using a FIDO2 security key, update to the latest version of Windows, go to the Microsoft account page on Edge and sign in as usual. Select “Security” and “More Security Options”; under “Windows Hello and Security Keys” you will see instructions for setting up a security key. Next time you sign in, you can either click “More Options” and “Use a Security Key” or type in your username. You will then be asked to use a security key to sign in.
Simons said Microsoft will go further to make PCs more secure.
“We have tons of great things coming out as part of our efforts to reduce and even eliminate the use of passwords,” he wrote. “We are currently building the same sign-in experience from a browser with security keys for work and school accounts in Azure Active Directory. Enterprise customers will be able to preview this early next year, where they will be able to allow their employees to set up their own security keys for their account to sign in to Windows 10 and the cloud.
“Furthermore, as more browsers and platforms start supporting the WebAuthn and FIDO2 standards, the password-less experience – available on Microsoft Edge and Windows today – will be hopefully available everywhere.”