Windows 10 gets support for two-factor authentication
Windows 10 will receive support for two-factor authentication, Microsoft has announced. A user’s PC or phone can be used as a second factor, in addition to a password or fingerprint.
The more secure login method should ensure that an attacker cannot access a device or web service if an attacker has a user’s username and password, Microsoft writes. Until now, many implementations of two-factor authentication relied on a password and code that was texted or generated by an app, but Microsoft has a different implementation in mind.
A user could choose to use his Windows PC as a second factor to log in to websites and services: he only needs to enter his password or fingerprint from that PC. The user can also choose to use the telephone as a second factor: it then lets web services know via Bluetooth or WiFi that the user is who he says he is. That’s similar to the USB key support Google recently introduced in Chrome; the phone takes the place of the USB key. According to The Register, iOS, Android and Windows Phone are supported. It is likely that Microsoft will introduce apps for that.
Furthermore, Windows 10 encrypts files by default. If the PC or laptop has a trusted platform module, the operating system will use it for this, but a RPM is not necessary. In addition, companies can prevent confidential files from being copied to remote locations. Companies can have employees indicate whether a file is confidential, or have all files marked as confidential. They can also indicate which apps are allowed to use the VPN connection.
Windows 10 must also make pass the hash attacks harmless. In such attacks, a malicious person uses the encrypted version of a user’s password to log in. This is no longer possible in Windows 10: passwords and other access tokens are then stored in a secure container. Even if an attacker manages to crack the Windows kernel, the data is protected, Microsoft assures.
Windows 10 should hit the market next year. Microsoft has already released a preview version so that users can try out the new operating system.