News

Microsoft Previews Password Alternative in Edge Browser

Microsoft announced on Monday that its Microsoft Edge browser now supports the Web Authentication spec at the preview stage, enabling the testing of an alternative means of carrying out user authentications besides passwords.

The Web Authentication spec is a standard for the use of public key cryptography in credentials being developed by the Fast IDentity Online (FIDO) Alliance industry coalition and the Worldwide Web Consortium (W3C) organization. Currently, the Web Authentication spec is at the W3C's "Candidate Recommendation" stage, meaning that it's considered stable and is one step away from being a W3C "Recommendation" and ready for implementation.

The aim of the spec is to move away from using passwords for user authentications, which is conceived as problematic because passwords are subject to information disclosure and phishing attacks. Instead, user identities get verified by a fingerprint reader, a face scan or a personal ID number. A so-called FIDO 2.0 "companion device" may be used in the process, such as a wristband with near-field communication capabilities, a card swipe or a USB drive.

Microsoft currently supports the Web Authentication spec in build 17723 or higher of the Edge browser, which can be tested by Windows Insider Program participants. Microsoft also added FIDO 2.0 support in its Windows Hello biometric sign-in capability, which was released in the Window 10 April 2018 (version 1803) release. The Windows Hello capability is designed to work with Azure Active Directory-joined devices.

Microsoft indicated in its announcement that it is "working with industry partners on lighting up the first passwordless experiences around the web" with the Edge browser preview of the Web Authentication spec. However, other browser makers may already be at the same stage.

For instance, Google has already implemented the Web Authentication spec in its Chrome browser version 67, according to its status documentation. Mozilla also supports the Web Authentication spec in its Firefox browser version 60, according to its documentation, although it's described as being "experimental technology."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Talks Teams and SharePoint at Modern Workplace Event

    It's a hybrid world, but remote work is here to stay, according to Microsoft's Teams and SharePoint head Jeff Teper.

  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

comments powered by Disqus