What is Microsoft Passport in Windows 10
Broadly speaking, Microsoft Passport consists of 2 services – a single Sign-in service that allows members to use a single name and password to log in, and a Wallet service that members can use to make fast, convenient online purchases. UPDATE: Microsoft Passport was rebranded as Windows Live ID and now it has become Microsoft Account.
Two Factor Authentication in Microsoft Passport
Microsoft introduced Two-factor authentication a couple of years back, when cybercriminals increased their activities on the Internet. However, there have been some problems using the two-factor authentication in its current state. First – you enter the password and then you receive a PIN that you have to enter. If on the phone, this becomes a problem, especially if the phone’s RAM is low. Besides this, in its current scenario, when you wish to go for two-factor authentication, you have to create different passwords for different apps you use. You even have to create an “app password” for Microsoft Outlook email client and enter it instead of the real Microsoft password that you use for logging in via a web browser. All this is set to change with Microsoft Passport in Windows 10. Right now, the two-factor authentication is optional. Microsoft will make it mandatory for all to use two-factor authentication. It won’t be as tough as it is now. There will be two keys, one with Microsoft and one with the user. The user needs just the user key to get access to protected Microsoft apps. The primary key with Microsoft would be a certificate or a firmware. That is, you won’t have to enter that information into the login boxes. Then there will be a PIN that you will get. This PIN will open the doors to Microsoft products.
Windows Hello
We’ve already talked about the PIN. Users wanting more protection can opt for Windows Hello which would be some kind of gesture that you draw on the sign-in screen to get access to protected resources. Some of the current phones employ certain kinds of gestures for the lock screen. It is to be seen how Windows Hello would be different from the current lock screens but Microsoft does say that it will be better than current gestures on lock screens and will provide enhanced security. According to TechNet, the gesture will be matched with the first step in two-factor authentication – the certificate that Windows assigned to you. The first time will take a longer time as you have to get a certificate and then set up a PIN or Windows Hello. Once the entire thing is set up, you can access Microsoft products in future just by entering the PIN or the gesture you selected. Thus, there won’t need to wait for a PIN to arrive by SMS. You just draw the gesture and you are in.
Prerequisites for Microsoft Passport
Before you can use Microsoft Passport in your enterprise, you will have to make sure you meet the prerequisites.
How Microsoft Passport works in Windows 10
The Microsoft Passport, as said earlier, will be based on a certificate – an asymmetrical key pair – to keep the user data safe. Identity provider – the Microsoft account – will create a public key during registration process and will identify it every time user tries to log in. If the firmware is used in place of certificates, they have to match: the presence of such firmware should be there and the key stored cryptographically on the firmware should match the key generated during the registration process. Here is the tough part. The certificate will not work across devices as it will be stored locally on device, especially if it is a hardware-based certificate. It is not even sent to server. Thus, it might force users to go through the registration process on each device separately. The public key (PIN or gesture), however, can be used on different devices thereby making things easier for the users as they won’t have to remember different PINs and gestures. All said this new feature in Windows 10 is sure to lead to user convenience and an increase in security.
