As biometrics on mobile phones and computers become more prevalent, the number of password replacement technologies is increasing. Microsoft offers solutions based on platform, hardware, or software that organizations can try out and map to their password-less authentication requirements. Choosing the right technology is an important step towards adopting a password-less authentication approach. Microsoft offers three solutions: Windows Hello for Business, Microsoft Authenticator app, and FIDO2 security keys.
Windows Hello for Business
- Windows Hello for Business replaces passwords with strong multi-factor authentication on Windows 10 platforms, including PCs and mobile devices. This authentication uses a new type of credential (a biometric or PIN) linked to a device.
- The user authenticates a sign-in with a face, iris scan, fingerprint, or a PIN and is granted access to the organization’s applications, content, and resources without storing a password on the device or network. The biometric data is specific to the device and is only used locally.
- When a user performs the biometric gesture on the device, the provider can verify the user’s identity from the combination of Hello keys. This authentication grants Windows 10 access to resources and services.
Microsoft Authenticator app
- With the Microsoft Authenticator app, users verify their identity and authenticate their sign-in to access their work and personal accounts.
- Microsoft Authenticator adds security on top of the password with a one-time passcode or push notification.
- The app can also provide multi-factor verification and replace passwords. Instead of a password, users verify their identity with a mobile phone through a fingerprint scan, face or iris recognition, or PIN.
- Once in the app, users verify their identity by matching a number on the sign-in screen and then scanning a biometric (such as face or fingerprint) or typing a PIN to unlock and complete the authentication.
- Microsoft Authenticator is built on secure technology similar to Windows Hello and is a simple app on a mobile device that makes it convenient for users. The app is available both on Android and iOS.
FIDO2 security keys
- FIDO2 is an authentication method that uses public-key cryptography through hardware devices. It is a solution that includes a strong first factor and multi-factor authentication.
- These new tools provide a security key that completely replaces usernames and passwords with hardware-based public/private key credentials that cannot be reused, replayed, or shared.
- Since these keys depend on high-security cryptography, they provide strong authentication, unlike traditional passwords. The FIDO2 security keys securely store credentials and are portable, making it easier for deskless and mobile workers to stay secure.
- Microsoft and its partners are working to ensure FIDO2 security devices are compatible with Windows, online Microsoft accounts, and the Microsoft Edge browser. This allows Microsoft users to enable strong password-less authentication.
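
The following added example (not Microsoft's code and not part of the original article) sketches why a public/private key credential cannot be reused or replayed: the service verifies a signature over a fresh single-use challenge and its own origin. It is a simplified WebAuthn-style check; the site name `login.example`, the helper names, and the omitted signature counter are assumptions made for illustration.

```javascript
// Added illustration (constructed names and values): simplified WebAuthn-style assertion check.
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Simulated security key: the private key stays inside this closure.
function makeAuthenticator(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign(challenge, origin) {
    const clientData = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    // authenticatorData = SHA-256(rpId) || flags (0x05: user present + verified) || counter (left 0 here)
    const authData = Buffer.concat([sha256(Buffer.from(rpId)), Buffer.from([0x05]), Buffer.alloc(4)]);
    const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), privateKey);
    return { clientData, authData, signature };
  } };
}

// The service (relying party) issues a random, single-use challenge per sign-in.
function newChallenge(rp) {
  const challenge = crypto.randomBytes(32);
  rp.pending.add(challenge.toString('base64url'));
  return challenge;
}

// The service holds only the public key; each check returns the first failure found.
function verifyAssertion(rp, a) {
  const client = JSON.parse(a.clientData.toString());
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (!rp.pending.delete(client.challenge)) return 'unknown-or-used-challenge';
  if (client.origin !== rp.origin) return 'wrong-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(Buffer.from(rp.rpId)))) return 'wrong-rp';
  const signed = Buffer.concat([a.authData, sha256(a.clientData)]);
  if (!crypto.verify('sha256', signed, rp.publicKey, a.signature)) return 'bad-signature';
  return 'ok';
}

function demo() {
  const key = makeAuthenticator('login.example');
  const rp = { rpId: 'login.example', origin: 'https://login.example',
    publicKey: key.publicKey, pending: new Set() };
  const first = key.sign(newChallenge(rp), rp.origin);
  const out = { fresh: verifyAssertion(rp, first), replayed: verifyAssertion(rp, first) };
  // An assertion produced for a different site is not accepted here.
  out.otherSite = verifyAssertion(rp, key.sign(newChallenge(rp), 'https://other.example'));
  const tampered = key.sign(newChallenge(rp), rp.origin);
  tampered.authData[32] ^= 0x04; // clear the user-verified flag after signing
  out.tampered = verifyAssertion(rp, tampered);
  return out;
}
```

Calling `demo()` returns the verdict for a fresh assertion, the same assertion submitted a second time, one signed for another origin, and one altered after signing.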