Microsoft Highlights Windows Hello Companion Device Progress
Microsoft's partners have been busy producing alternative means for verifying user identities without passwords via Windows Hello.
The partners include Nymi, Yubico, RSA and HID, among others. They have been building Windows Hello's little friends, which Microsoft calls "companion devices."
Windows Hello is Microsoft's password-less identification verification system, which unlocks Windows 10 devices via facial scans, fingerprint scans, swipe patterns and PINs. Windows Hello companion devices, on the other hand, add additional access options. They can work without a camera or fingerprint scanning devices to verify users.
Windows Hello companion devices are enabled through specifications in Microsoft's Windows Hello Companion Device Framework. Companion devices are things like bands, cards or USB devices that permit PC access with just a tap, a wireless transmission (Bluetooth or near-field communications) or by plugging a small device into a port. Some of these devices can support multifactor authentication schemes, too.
One of the companion devices featured by Microsoft's announcement is the Nymi Band. It's worn on the wrist and uses a person's cardiac pattern via Nymi "HeartID" technology to authenticate a user. The user taps a button on the band and their cardiac pattern gets verified, unlocking the Windows 10 PC if the pattern matches the one that was used during the Nymi Band setup phase.
Yubico's YubiKey looks like a thumb drive and plugs into a USB port to provide access to a Windows Hello-enabled PC. The YubiKey uses a verification application, built according to Microsoft's Companion Device Framework, to enable the access, according to a Yubico blog post.
RSA has produced an application, called the "SecureID Access Authenticator," that makes a mobile device work like a Windows Hello companion device. A Windows 10 PC can be unlocked by just having the mobile device next to the PC, according to this RSA video.
HID Global added near-field communications to its iClass Seos cards, allowing cards used for building-door access by employees to also serve as Windows Hello companion devices for unlocking Windows 10 PCs. The user holds the card near a device with a contactless reader to unlock the PC or they can use a separate reader device for the process, according to this HID video.
Microsoft's Windows Hello verification scheme uses the Universal Authentication Framework protocol fostered by the FIDO Alliance, an industry coalition initially formed by PayPal to use biometrics for identification purposes, eliminating the need for passwords. The U2F version of the protocol is the one that supports second-factor FIDO ("Fast ID Online") verification. The verification gets carried out by a service that creates a private key for a device during a registration process, according to a description by the FIDO Alliance.
All told, there were "nearly 100 unique biometric-enabled Windows devices and accessories" on the market during the last year's holiday season, according to Microsoft's announcement. It added that more than 20 partners had joined the effort when Microsoft released the Windows Hello Companion Device Framework at Build 2016, Microsoft's developer event held last spring.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.