Two-factor authentication will come baked into Windows 10

Shawn Knight

Nary a day goes by that we don’t hear about a new security breach in which millions of credit cards or passwords are stolen. With Windows 10, Microsoft is addressing modern security threats during its development in hopes of offering a secure product that consumers will feel safe using.

Part of that has to do with moving away from single-factor authentication options like passwords, which is why Windows 10 will have two-factor authentication baked right in.

In a blog post on the matter, Microsoft’s Jim Alkove said their solution will eliminate the need for additional hardware security peripherals. Once enrolled, he added, devices themselves become one of two factors that are required for authentication.

The second factor in Windows 10 will be a PIN or a biometric, like a fingerprint.

As Alkove correctly points out, from a security standpoint, this means that an attacker would need to have a user’s physical device as well as access to their PIN or biometric information to gain access to a target account.

For example, a user could register their smartphone which would effectively become their mobile credential. It would allow a user to sign in to their PC, network and web services so long as their mobile phone is nearby. In this example, the phone’s Bluetooth or Wi-Fi connection would behave like a remote smartcard as one factor of authentication.

Do you think Microsoft is on the right track by adding two-factor authentication to Windows 10? After all, a number of services already offer two-factor authentication and some have for years now. If anything, they’re simply playing catch-up at this point.

 
For access to the computer I think it's a bit too much, of course depends on the type of computer, on one hand we have personal home usage, which to have a phone nearby or 2 step pin generation doesn't sound like too much trouble but imagine having to do an additional step every time you come nearby or leave your computer at home to get a coffee or dunno.

In case of corporative computers I feel it's something that should be implemented, maybe with U2F security keys for a matter of convenience along a pin.
 
Once enrolled, he added, devices themselves become one of two factors that are required for authentication.
Devices fail! What happens when they are required for authentication and you no longer have the device? I hope there is an alternative for getting authenticated.
 
Once enrolled, he added, devices themselves become one of two factors that are required for authentication.
Devices fail! What happens when they are required for authentication and you no longer have the device? I hope there is an alternative for getting authenticated.

I'm sure a version of the "Forgotten password?" reset via SMS/Email/Security question for MFA will be included. My phone is already registered with my banking app as an "authorized" device. When changing phone I had to authorize again with multiple passwords/security passwords. I now only require 3 letters from a pass phrase and the device(guessing it uses the MAC address) but it still allows for access over web browser via traditional multi factor authentication (password and 3 letters from pass phrase).
 
How will this prevent code being run or exploited on an active account/machine?
Preying on the security hysteria that Microsoft/Google et al themselves created, just so they can sniff and map networks and monetise our biometrics.
Rule 1: never trust a liar.
 
Throughout the history what MS-Windows has been doing to its users is what a woman does to a man.

It starts to be obvious that Windows is female. After all, it is Ms.Windows.
 
Throughout the history what MS-Windows has been doing to its users is what a woman does to a man.

It starts to be obvious that Windows is female. After all, it is Ms.Windows.
Shhh! The next thing you know, we'll have to buy our computers a dishwasher before we can log on.....:D
 
Yeah, Miss Windows always wants your money only and you get nothing for it.
Infinity endless invisible hole.
 
Throughout the history what MS-Windows has been doing to its users is what a woman does to a man.
It starts to be obvious that Windows is female. After all, it is Ms.Windows.
Given the etymology and historical context of Hysteria, your analogy actually works on a level I don't think you'd even contemplated.

The Windows brand....a practical example of Semiotics and the Pavlovian response.
 
Anything you can pass off as being good for the "consumer" when it's more for the seller of the goods and services is always a good thing...for the seller. This just probably means that you won't be able to stream a Hollywood Movie to your computer until it has verified your DNA sample.

I had thought for a short while that I might actually want to install Windows 10. But with each passing day it seems the answer is more of a Hell no than maybe.

I think Windows 7 was the last Microsoft operating system I am ever gonna stay with for good. Oh sure, I will poke at 8, prod 9, feel up 10, but that's probably all that will ever happen.

But who knows. Maybe we haven't crossed over into the land of no return.
 
But who knows. Maybe we haven't crossed over into the land of no return.
I think we have. The fact that we continue to request options and are continually confronted by those who would not be affected by the increased options proves it. There is one thing worse than being classified as sheep, that's feeling as though you are being treated as cattle with no escape. *closesmouthinshame*
 
The two-factor authentication, though not a silver bullet, could be reliable when it comes with a reliable password. 2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

Using a strong password does help a lot even against the attack of cracking the stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
 
The two-factor authentication, though not a silver bullet, could be reliable when it comes with a reliable password. 2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

Using a strong password does help a lot even against the attack of cracking the stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
Do us a favor, spare us the zen password drivel. Nobody really needs to understand why we can't remember long passwords, just that we need to write them down.

FWIW, "picture passwords", would be the perfect thing for the infamous Fisher-Price GUI, that is Windows 8.
 
Put on your Administrator Hat and consider:
  1. Even my laptop has three users + the one admin account. If each is created and initialized by different persons, biometrics would make it impossible to use RUNAS or to login on accounts other than your own.
  2. Using remote desktop connection to help a user with 2F may be equally inhibited unless the remote user can provide the 2F data.
  3. Users joining a domain may have problems with remote administration.
If there's an alternative authentication for the above, then 2F is a failure in concept even before you boot the system
 
Once enrolled, he added, devices themselves become one of two factors that are required for authentication.
Devices fail! What happens when they are required for authentication and you no longer have the device? I hope there is an alternative for getting authenticated.
I use MS's 2 stage verification code and for the instance you stated above, you can still sign in using a previously issued code or you can get another code emailed to you. It's a hassle I know but rather safe than sorry.
 
Biometrics is not a perfect answer to protecting data or computer. Fingerprint is easy to falsify. Need a bit of time and slightly more effort.

I don't think that 2 way authentication has any reasonable use for a home PC. PINs are easy to crack, weak passwords are equally trivial. Fingerprint offers some relative protection, but for a skilled thief it's nothing. I agree with voices that W7 really is/was the last worthwhile OS from Macrocost. Efficient OSes like XP or W2000 are not coming back. Also the W8 and 10 interface looks like the result of an art competition from primary school. Everywhere only bling, bling, Tw****r integration, Face**** integration. Only what is lacking is a GPS location beacon to monitor the user 24/7. Bloody permanent surveillance.

W11 will require sample of blood, shoes size, ****/tits size, number of children and proving your descent for 5 generations back. just to log-in... it's coming big time.
 
Do us a favor, spare us the zen password drivel. Nobody really needs to understand why we can't remember long passwords, just that we need to write them down.

FWIW, "picture passwords", would be the perfect thing for the infamous Fisher-Price GUI, that is Windows 8.
Writing down passwords and PINs is a good idea. I wrote the PIN of my bank's ATM card on the card itself and people tell me it's not a good idea, I can't understand why :D
 
"Nary a day goes by that we don’t hear about a new security breach in which millions of credit cards or passwords are stolen."

It's called the real world. Nary a day goes by in life that lots of things don't go wrong. Nary a day goes by that millions of things don't go wrong. But there has to be a line drawn in the sand somewhere. Everything requires balance. This should completely be a choice. If it's a choice, it's fine. If it's forced on us like Metro was, it isn't fine.
 
Writing down passwords and PINs is a good idea. I wrote the PIN of my bank's ATM card on the card itself and people tell me it's not a good idea, I can't understand why :D
Depends on how often you use it. I use my debit card 90% of the time in lieu of cash, and my PIN is fairly indelible by now. If I forget the PIN now, or at any time in the future, I might as well come to grips with my progressive state of Alzheimer's, and find someone to rob me blind through power of attorney.

Seriously though, as long as you don't write your PIN on your forehead, you should be OK. Should you decide painting it on your face is the way to go, just make sure you write it backwards so you'll be the only one who can read it....(y) (using a mirror).
 
....[ ]....W11 will require sample of blood, shoes size, ****/tits size, number of children and proving your descent for 5 generations back. just to log-in... it's coming big time.
Meh, I'm pretty sure I'll still be using Windows 7, so basically I won't be giving a rat's a**, even if it requires a rectal exam to log on.
 
Writing down passwords and PINs is a good idea. I wrote the PIN of my bank's ATM card on the card itself and people tell me it's not a good idea, I can't understand why :D
I write a four digit number on the back of my debit cards also - the only difference in our cases might be that the four digits don't actually correspond to the PIN number. I figure anyone who finds or lifts my wallet will give the number at least two attempts which cuts down their chances of hitting the jackpot.
 