Passwords, the long-relied-upon information security measure that helps secure billions of user accounts daily, have become a little long in the tooth. When you consider advances in attack techniques and information security technology, the days of the password are numbered. This raises the question of what to do about user privacy on Windows 10 devices.
Over the recent years, new methods of authentication security have emerged to fill this security void and Microsoft Passport is one such method that deserves exploration. This article will detail how to use Microsoft Passport in Windows 10, including what Microsoft Passport is, a little about how it works, prerequisites and implementation of Microsoft Passport in your organization.
What is Microsoft Passport?
Microsoft Passport is a user authentication measure new to Windows 10 and is the response to the user privacy issue mentioned above. Instead of relying on a traditional password for user account security, Microsoft Passport uses two factor authentication (2FA).
The two factors of this authentication method are usually the Windows device itself and a PIN chosen by the user. This offers enhanced information security over the password and, in many ways, makes the concept of the traditional password obsolete. It can be used to log into:
- Microsoft accounts
- Azure Active Directory Accounts
- Active Directory accounts
- Non-Microsoft services that can support Fast ID Online (FIDO)
A little about how Microsoft Passport works
Microsoft Passport uses a certificate based on an asymmetrical key pair to keep user information secure. The Microsoft account creates a public key pair upon registration which identifies the user whenever they log in.
The user will choose a gesture (PIN, biometric) which is linked to a certificate. The Windows device attests to this certificate when it has TPM 1.2 or 2.0. If the device (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/FrWWvzyG7j0/