Moving past passwords to a stronger authentication mechanism is an increasing goal for the tech industry. Microsoft has contributed design inputs to the Fast IDentity Online (FIDO) Alliance, to be incorporated within FIDO 2.0 Technical Specifications, and said that it will incorporate them into the upcoming Windows 10 release.
“Transitioning away from passwords and to a stronger form of identity is one of the great challenges that we face in online computing, and we believe FIDO authentication…is the pathway to success,” said Microsoft’s Dustin Ingalls, in a blog. “To address this challenge we joined the FIDO Alliance, where we are working alongside major industry partners to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to more securely authenticate users of online services.”
Taken together, the FIDO specifications define an open, scalable, interoperable set of strong authentication mechanisms that reduce the reliance on single-factor username and password login. They take into account devices, servers and client software, including browsers, browser plugins and native app subsystems.
“What’s most impressive is the FIDO Alliance’s focus on the authentication plumbing,” said Steve Wilson, vice president and principal consultant at Constellation Research. “The protocols enable trusted client devices to trade just the right data about their users. FIDO specifications aren’t tangled up in messy identity policy decisions. It’s an elegant breakthrough, and, going forward, it should drive a lot of the classic complexity out of the IdM space.”
The current Technical Preview build enables a number of enterprise scenarios, and showcases integration with Windows 10 sign-in, Azure Active Directory and access to major SaaS services like Office 365 Exchange Online, Salesforce, Citrix, Box and Concur, among others.
“With Windows 10, for the very first time Windows devices and Microsoft-owned and partner SaaS services supported by Azure Active Directory authentication can be accessed end-to-end using an enterprise-grade two-factor authentication solution—all without a password,” Ingalls said. “Windows 10 will also include Active Directory integration for on-premise scenarios and Microsoft Account integration for our consumer Microsoft services such as Outlook.com, OneDrive and more.”