It’s been a good few years for Microsoft. The company has made a real turnaround with Satya Nadella at the helm. He’s not only helped to focus the company back to its roots, the enterprise, but also helped give the consumer insight into the direction that Microsoft will be heading when it comes to security. With its managed services group and cyber defense operation center, Nadella offers a compelling case for the enterprise to move to Windows 10 through Microsoft’s holistic security strategy and how it aims to better detect and respond to threats.
Within a mobile-first world and the transition of storage and services to the cloud, Nadella believes that companies should assume “an operational security posture.” While Windows 10 is a step forward for Microsoft to enter into the BYOD (Bring Your Own Device) space, the introduction of Windows Hello shows how the company will create system support for biometric authentication – using your face, iris, or fingerprint to unlock your devices – with technology that is much safer than traditional passwords.
The sign-in process: PIN login and registration of your biometric data is similar to other systems like Apple’s TouchID in that the data never leaves the machine and is securely stored, so that malicious applications can’t exfiltrate export your data. Users can log into their device with either their fingerprint or having their iris scanned. It also supports login by way of Web Authentication using Microsoft Edge. This marks the first time that Windows has used such authentication in the operating system itself.
While detractors to biometric security say that such measures are useless once you lose a fingerprint or are not completely efficient in terms of recognition, it’s a step forward for Microsoft. Windows Hello will be used in the kernel and as part of the API, which is good for developers to build upon. It’s a seamless experience. Yet, the security comes into play when you realize that Hello takes everything from Windows OS for authentication and put it into its own virtual piece that runs independent of kernel so even if kernel gets exploited, since it runs separately, your credentials are safe.
While applications such as Hello and TouchID and more recently Intel’s (err McAfee) acquisition of Movidius may not be more secure than long, random passwords, it certainly is better than weak, repeated passwords or none at all. I look at these applications as raising the floor of security and replacing a certain subset of authentication security. As Jon Gelsey, CEO of identity security company Auth0 says “The single best protection against phishing, the most common cause of account compromise today, is to use multifactor authentication. Biometric authentication alone can be weak, but in combination with a password or passwordless authentication, it provides significantly stronger protection than a password alone.”
For Microsoft, it is a step in the direction of creating a perimeter for its devices and, eventually, more of its applications. One would think that the perimeter is where your users are such as a physical building, but the BYOD movement has helped to establish the perimeter as any place where a user is using a device. I’m curious to see how Microsoft implements Windows Hello into its various devices, as it may be a cost-effective way for the company to bring down physical walls while putting up virtual walls for the security of its devices. Also, it’ll help the company to get further into organizations because the story is developing is that you can use any device securely as long as it runs Windows 10.