The Schwartz Report

Blog archive

Microsoft Says Goodbye to Passport with Updated Windows Hello

Tomorrow's release of the Windows 10 Anniversary Update will give the operating system improved biometric log on capabilities via its Windows Hello feature but it will mean goodbye to Passport, the component of that enabled authentication. The demise of Passport is a change in name only, Microsoft said in late June. It won't be the first time Microsoft has cast aside the Passport brand, which was once the name of the single sign-on service also formerly known as Live ID (and now called the Microsoft Account).

It was surprising that Microsoft resurrected Passport last year when introducing Windows Hello but perhaps the thinking behind the revival was that it would help customers correlate it with the notion of single sign-on. When Microsoft released Windows 10 a year ago, Passport specifically was the component in Windows 10 that let users authenticate to a Microsoft account, an Active Directory within Windows Server, an Azure Active Directory account and any service that supports the Fast ID Online (FIDO) authentication specification. Windows Hello represents the biometric authentication component, which could include a fingerprint scanner available on some systems, facial recognition or a gesture. Windows Hello can also enable authentication via a PIN. Windows 10, when released last year, used Passport to authenticate users.

"Collectively, these represented our FIDO 2.0 aligned end-to-end multi-factor authentication solution," said Nathan Mercer, a Microsoft technical evangelist, who explained the change in a TechNet post in late June. "Moving forward, Windows Hello will represent the brand we will refer to for our FIDO-aligned end-to-end multi-factor authentication solution. Microsoft Passport will be retired as a brand and the credential is now considered part of Windows Hello," Mercer noted. "From a customer's perspective, this is simply a semantics issue and there are no material changes from a configuration or security perspective."

Since last summer's release of Windows 10, the FIDO 2.0 spec, for which is the framework in the Hello technology was originally conceived, was still under development by the FIDO Alliance, a consortium that includes over 250 members including Microsoft, Google, PayPal, Bank of America, Dropbox and GitHub. The alliance submitted the spec to the World Wide Web Consortium (W3C), the Internet standards body responsible for specs and languages including CGI, HTML, SOAP and XML, among others. The FIDO Alliance is working with the W3C to ensure these Web APIs allow FIDO 2.0 authentication to work across platforms and anywhere on the Web. "Once this work is complete, we will synchronize any applicable changes into Windows Hello itself," Mercer said.

Another improvement to Windows Hello is that it will secure credentials from theft and unauthorized changes to a device's hardware-based Trusted Platform Module (TPM). Windows Hello will use software-based encryption on devices that don't have the embedded Intel TPM hardware.

In addition to the Windows Hello improvements, the 350 million Windows 10 users receiving tomorrow's update will see some other noteworthy security improvements in the OS including malware scanning, threat detection, the ability to schedule scans and receive reports when threats are discovered. Enterprise customers will also get the new Windows Defender Advanced Threat Protection feature (WDATP), which "detects, investigates, and responds to advanced malicious attacks on networks by providing a more comprehensive threat intelligence and attack detection," said Yusuf Mehdi, corporate vice president for the Microsoft Windows and Devices Group, in a blog post last month. Several new PCs will support Windows PC including the latest Asus ZenBook Pros and Transformer with fingerprint scanners and a camera that enables facial recognition, respectively and the Dell Inspiron 7000. For systems that don't support Windows Hello, MouseComputer has announced a peripheral camera that users can plug into any USB port. The company, based in Japan, also will offer a peripheral fingerprint scanner.

Posted by Jeffrey Schwartz on 08/01/2016 at 12:10 PM


comments powered by Disqus

Subscribe on YouTube