The Schwartz Report

Blog archive

Intel Reveals Multifactor Hardware Authentication for PCs

Intel believes it has the broken the password barrier with new technology that will enable hardware-based multifactor authentication. The company today unveiled Intel Authenticate, firmware for Windows PCs running its new 6th Generation Core Processors that'll enable up to four factors of authentication based on policies determined by IT.

The company released a preview of Intel Authenticate for customers to test, though the company hasn't said when it'll be generally available. Intel is working with its key OEM partners and Microsoft to optimize and deliver the new technology. Though ideal for Windows 10, Intel Authenticate will work on Windows 7 and Windows 8.1 but requires the new CPUs, said Tom Garrison, vice president and general manager of the company's business client division.

Garrison privately previewed the technology late last week and formally launched it today at an event in San Francisco, Calif. Intel Authenticate could give IT decision makers the biggest reason to upgrade their PCs by removing the largest enabler of data theft -- compromised user credentials. In a demo I caught in New York last week, Garrison said IT can create policies that enable one form of multifactor authentication -- initially fingerprint scanning, with facial and iris recognition coming later -- or other forms of authentication such as logical location (when using vPro), proximity to a user's smartphone via Bluetooth or PINs generated by the Intel graphics engine entered with a mouse or touchscreen to avoid breaches from key loggers.

"Biometrics is the wave of the future," Garrison said. "We think this will go a long way to making clients more secure."

IT can establish polices that only require one form of authentication if a user is coming in from a known network and require MFA when trying to gain access from a public location, Garrison said. IT can also determine which forms of authentication are required and in what order.

While Microsoft is aiming to make biometric authentication mainstream with its Windows Hello and Passport technologies in Windows 10, Intel Authenticate promises to deliver embedded hardware-based MFA to business computers for the first time, said Patrick Moorhead, president and principal analyst with Moor Insights & Strategy. "You can be more secure by adding single-factor biometrics but you still have a password and it still can be taken from you," Moorhead said. "With this multifactor authentication here, nothing is hacker proof, but it reduces the likelihood that social engineering or compromised credentials will be the cause of a breach."

Garrison played down any notion that Intel Authenticate will compete with Windows Hello, noting both companies support the FIDO alliance which is creating biometric authentication standards. Those standards will be key to ultimately enabling single sign-on using biometrics. Intel Authenticate actually uses Windows Hello to train the hardware to recognize a biometric identity, Garrison said. Furthermore, Intel and Microsoft, along with PC OEMs, are working together and will be jointly supporting these capabilities as the year goes on, Garrison said. The technology won't be available on hardware other than the latest 6th generation Core processors, though vPro is only necessary when using logical location as a form of authentication. Garrison credits this to a significant leap in performance at the CPU level. "This hardware is actually in our chipset, and Intel runs the firmware in the chipset," he said. "It does all the factor-matching, the IT policy enforcement as well as deciding whether or not to grant access."

While that all happens in hardware, he said it's supported in key system and credential platforms including Intel Security's McAfee ePolicy Orchestrator, Microsoft's System Center Configuration Manager and Enterprise Mobility Suite. It can also utilize Active Directory and Group Policy settings.

Posted by Jeffrey Schwartz on 01/19/2016 at 2:17 PM


  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.