Intel Reveals Multifactor Hardware Authentication for PCs
Intel believes it has the broken the password barrier with new technology that will enable hardware-based multifactor authentication. The company today unveiled Intel Authenticate, firmware for Windows PCs running its new 6th Generation Core Processors that'll enable up to four factors of authentication based on policies determined by IT.
The company released a preview of Intel Authenticate for customers to test, though the company hasn't said when it'll be generally available. Intel is working with its key OEM partners and Microsoft to optimize and deliver the new technology. Though ideal for Windows 10, Intel Authenticate will work on Windows 7 and Windows 8.1 but requires the new CPUs, said Tom Garrison, vice president and general manager of the company's business client division.
Garrison privately previewed the technology late last week and formally launched it today at an event in San Francisco, Calif. Intel Authenticate could give IT decision makers the biggest reason to upgrade their PCs by removing the largest enabler of data theft -- compromised user credentials. In a demo I caught in New York last week, Garrison said IT can create policies that enable one form of multifactor authentication -- initially fingerprint scanning, with facial and iris recognition coming later -- or other forms of authentication such as logical location (when using vPro), proximity to a user's smartphone via Bluetooth or PINs generated by the Intel graphics engine entered with a mouse or touchscreen to avoid breaches from key loggers.
"Biometrics is the wave of the future," Garrison said. "We think this will go a long way to making clients more secure."
IT can establish polices that only require one form of authentication if a user is coming in from a known network and require MFA when trying to gain access from a public location, Garrison said. IT can also determine which forms of authentication are required and in what order.
While Microsoft is aiming to make biometric authentication mainstream with its Windows Hello and Passport technologies in Windows 10, Intel Authenticate promises to deliver embedded hardware-based MFA to business computers for the first time, said Patrick Moorhead, president and principal analyst with Moor Insights & Strategy. "You can be more secure by adding single-factor biometrics but you still have a password and it still can be taken from you," Moorhead said. "With this multifactor authentication here, nothing is hacker proof, but it reduces the likelihood that social engineering or compromised credentials will be the cause of a breach."
Garrison played down any notion that Intel Authenticate will compete with Windows Hello, noting both companies support the FIDO alliance which is creating biometric authentication standards. Those standards will be key to ultimately enabling single sign-on using biometrics. Intel Authenticate actually uses Windows Hello to train the hardware to recognize a biometric identity, Garrison said. Furthermore, Intel and Microsoft, along with PC OEMs, are working together and will be jointly supporting these capabilities as the year goes on, Garrison said. The technology won't be available on hardware other than the latest 6th generation Core processors, though vPro is only necessary when using logical location as a form of authentication. Garrison credits this to a significant leap in performance at the CPU level. "This hardware is actually in our chipset, and Intel runs the firmware in the chipset," he said. "It does all the factor-matching, the IT policy enforcement as well as deciding whether or not to grant access."
While that all happens in hardware, he said it's supported in key system and credential platforms including Intel Security's McAfee ePolicy Orchestrator, Microsoft's System Center Configuration Manager and Enterprise Mobility Suite. It can also utilize Active Directory and Group Policy settings.
Posted by Jeffrey Schwartz on 01/19/2016 at 2:17 PM