Windows 10 users will soon be able to sign in to devices without using a password, a move intended to encourage the use of two-factor authentication methods and improve security.
The security industry has long recognised that using passwords to access accounts provides little or no protection, and Microsoft is finally making passwordless sign-in available on Windows 10 devices.
The next major update of the Windows operating system in 2020 will allow users to enable passwordless sign-in and choose whether to use Windows Hello face authentication, fingerprints, or a personal identification number (PIN) to access Microsoft accounts.
“Enabling passwordless sign-in will switch all Microsoft accounts on your Windows 10 device to modern authentication,” the company said in a blog post.
Microsoft argues that while a PIN may seem very much like a password, it is much more secure. Passwords are symmetric keys that have to be stored on a server, and if that server is compromised, so is the password. A PIN, in contrast, is “user-provided entropy” (randomness) that is stored on a device in a trusted platform module (TPM), and is therefore not exposed to compromise in the way that passwords are. A PIN is also useless without the user’s device because it will not work without the associated TPM.
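The contrast drawn above, as an added Go example (not Microsoft's code and not a real TPM API): a simulated device holds a private key that only the right PIN unlocks, the server keeps just the public key, and a password record can be checked by anyone who holds a copy of it. `Device`, `Enroll`, `Sign`, `PasswordMatches`, the choice of Ed25519 and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Device simulates a TPM-backed credential (assumption, not a TPM API): key and PIN check stay on the device.
type Device struct {
	priv    ed25519.PrivateKey
	pinHash [32]byte
}

// Enroll creates a device-bound key pair; the server receives only the public key.
func Enroll(pin string) (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv, pinHash: sha256.Sum256([]byte(pin))}, pub
}

// Sign answers a server challenge only when the PIN unlocks the key.
func (d *Device) Sign(pin string, challenge []byte) ([]byte, error) {
	h := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(h[:], d.pinHash[:]) != 1 {
		return nil, errors.New("wrong PIN")
	}
	return ed25519.Sign(d.priv, challenge), nil
}

// PasswordMatches: shared-secret model; the stored record alone tests any candidate, no device needed.
func PasswordMatches(record [32]byte, candidate string) bool {
	h := sha256.Sum256([]byte(candidate))
	return subtle.ConstantTimeCompare(h[:], record[:]) == 1
}

func main() {
	nonce := []byte("nonce-1")  // constructed server challenge
	dev, pub := Enroll("4821")  // constructed sample PIN
	other, _ := Enroll("4821")  // same PIN, different device
	sig, _ := dev.Sign("4821", nonce)
	sig2, _ := other.Sign("4821", nonce)
	fmt.Println(ed25519.Verify(pub, nonce, sig), ed25519.Verify(pub, nonce, sig2)) // true false
}
```

The second result is `false` because the same PIN on a different device unlocks a different key, so the server's stored public key does not validate the signature.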
Enabling passwordless sign-in on Windows 10 devices is the latest initiative by Microsoft in an industry-wide effort to encourage the use of two-factor authentication and to end the world’s reliance on passwords that are easily compromised and typically re-used across multiple accounts, enabling credential stuffing attacks.
Microsoft has already given Windows 10 the option to sign in using codes sent by text message, the Microsoft Authenticator app, Windows Hello and physical security keys that comply with the Fido2 standard.
The Fido Alliance of industry partners, including Microsoft, Google and Intel, claims that, collectively, Fido2 enables users to authenticate to online services in both mobile and desktop environments using common devices, now that multiple major web browsers, including Chrome, Firefox and Microsoft Edge, have implemented the standards, and Android, Windows 10 and related Microsoft technologies have built-in support for Fido Authentication.
Microsoft also enables users to set up a Microsoft account without a password by entering a mobile phone number as the username and a code sent to that number to initiate a login. Once signed in to Windows 10, users can log into their device using Windows Hello or a PIN.
The good news is that the passwordless option is also scheduled to be made available to business users through Azure Active Directory, which will allow businesses to become fully passwordless.
This article originally appeared on ComputerWeekly.