Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Windows IT

Windows 10 Update Will Support More Password-Free Logins (engadget.com) 66

An anonymous reader writes: It's not just web browsers that are moving beyond passwords. Microsoft has revealed that Windows 10's next update will support the new FIDO 2.0 standard, promising password-free logins on any Windows 10 device managed by your company or office. You could previously use Windows Hello to avoid typing in a password, of course, but this promises to be more extensive -- you could use a USB security key to sign into your Azure Active Directory.
This discussion has been archived. No new comments can be posted.

Windows 10 Update Will Support More Password-Free Logins

Comments Filter:
  • by Hasaf ( 3744357 ) on Tuesday April 17, 2018 @03:56PM (#56454659)

    From the summary it looks like they are reverting to only using something you have, which is, normally, a lower level of security.

    • by gravewax ( 4772409 ) on Tuesday April 17, 2018 @04:04PM (#56454707)
      For the average home user that reuses passwords with names and birthdays or simple repeated phrases it is a massive security improvement. For someone that understands the consequences of bad password management, password strength and reuse it is a decrease. The reality is for decades we have all tried to teach password health and for decades users have failed to learn, not sure if it is us IT people to blame or the users, either way it means passwords are very very weak security for a large percentage of the population.
      • Computers are to blame. What used to be good enough is now easy to bypass because of increasing computer power. You think your random 64-characters password is safe? Wait until quantum computers become commonplace.

      • by Calydor ( 739835 )

        It's neither the users nor the IT people. The IT people taught the lesson, many users learned it.

        The thing is that typing a STRONG password with seemingly random lower and upper case characters, numbers, and signs, all while effectively blindfolded, is hard. Do it wrong a couple of times? Congrats, now you're locked out. Oh, and you have to do it a dozen or more times a day.

        Is it any wonder people settle for a good-enough password that they can easily remember and actually feel if they're typing it wrong, e

      • I've seen a preview of the new passwordless login, if you get your password wrong three times it says âoePardon meâ¦Have you forgotten your password? What password would you like?â and you (or anyone else) gets to change it to something more memorable.
    • by Anonymous Coward

      we need tongue print scanners

      • Re: (Score:3, Funny)

        by taustin ( 171655 )

        Because you like licking your computer? You don't know who else has licked it, you know. It's like you're licking everyone who has ever used that computer.

        I'm gonna go set up a Kickstarter for tongue condoms. I'll be rich!

    • Also Known As...Something you have that can be stolen that can be used to fake the computer into thinking its you.
      • by Calydor ( 739835 )

        What is the security saying about having physical access to a machine to plug in a USB dongle?

        • What is the security saying about having physical access to a machine to plug in a USB dongle?

          "Physical access is no access to remote resources when you still have to validate against a different remote server."
          That ol' chestnut?

  • by the_skywise ( 189793 ) on Tuesday April 17, 2018 @03:59PM (#56454679)
    We've rediscovered java rings I see...
    https://www.javaworld.com/arti... [javaworld.com]
    • Those were cool for their time. I knew one dot.com that used those instead of contactless badges for door entry because they didn't trust RFID transponders.

  • ...nothing new?

    • by dog77 ( 1005249 )
      What is new is that many companies got together and created a standard protocol for general purpose authentication. If adopted, it will allow the authentication to happen where the user decides it is convenient and safe (e.g. secure password manager device). Right now, the general state of things is that authentication typically takes place in the application and in a manner that the application decides. You have to trust that the application was designed in a safe manner and that it will not leak your se
  • by Locke2005 ( 849178 ) on Tuesday April 17, 2018 @04:10PM (#56454749)
    OTHER parts of your anatomy can also be used for "fingerprint" login! (Unless you are Trump, it which case your "Little Donny" is far too small!)
  • The US government has already proven and the courts agreed that a finger print can be compelled. I'd like to use a combination of facial recognition, a finger print and a password, and maybe even a physical device. A voice recognition option would be an effective addition as well. Any less and you might as well just not use any security at all.

    • The US government has already proven and the courts agreed that a finger print can be compelled. I'd like to use a combination of facial recognition, a finger print and a password, and maybe even a physical device. A voice recognition option would be an effective addition as well. Any less and you might as well just not use any security at all.

      Why not add a duress password/phrase/keystroke/specific fingerprint that induces a deep wipe pf the device.

      • The US government has already proven and the courts agreed that a finger print can be compelled. I'd like to use a combination of facial recognition, a finger print and a password, and maybe even a physical device. A voice recognition option would be an effective addition as well. Any less and you might as well just not use any security at all.

        Why not add a duress password/phrase/keystroke/specific fingerprint that induces a deep wipe pf the device.

        IANAL, but using it would probably generate an obstruction of justice, or destruction of evidence, charge against you.
        The law says you don't have to help LEOs, but you can't hinder.

        • The law says you don't have to help LEOs, but you can't hinder.

          Or how about developing systems that work only on something you know (passwords), which can't be compelled, and induce a complete wipe if authenticating with something you have (which can all be compelled). Naturally, architect the system with no back doors or failsafes.

          Then, in court, you argue against having to provide the, "something you have", on the grounds that it violates your rights. When you inevitably lose, the courts compel you to use the, "something you have". Then, when the wipe is done and

      • by Archfeld ( 6757 )

        You have a legal right to refuse to provide a password under your 5th amendment rights. Purposefully wiping the drive would get you an obstruction of justice charge. You can refuse to speak but lying is a crime. When in doubt just do nothing.

  • They want their SmartCard Authentication technology back. FIDO itself has been around since 2013.
  • They're replacing something that you can forget with something that you can lose or have stolen.
  • by PPH ( 736903 )

    On the Internet, nobody knows you are a dog.

  • What happened to retina scan ?
  • I got a new laptop recently with a fingerprint reader integrated into it. It is very cool how I can just place a finger onto the laptop and Windows 10 automatically knows who I am and logs me in. There are obvious pros and cons to this, but it suits my purposes.

    However... fingerprint setup requires me enter a secondary PIN code, presumably so if it can't read my print after a number of tries it can challenge for the PIN. This seems extraordinarily dumb to me because I already have a password it could prom

Pascal is not a high-level language. -- Steven Feiner

Working...