Thursday, October 23, 2014 9:33:53 AM
Summary: Windows 10 will build in standards-based two-factor authentication to every device, effectively neutering most phishing attacks and password database breaches. The company also announced new features aimed at securing corporate machines from malware attacks and data leaks.
By Ed Bott for The Ed Bott Report | October 22, 2014 -- 15:00 GMT (08:00 PDT)
Most of the early coverage of the Windows 10 Technical Preview has focused on the new Start menu, virtual desktops, and other highly visible parts of the user experience. But even in these early builds there are hints of much more momentous changes to come, especially in the crucial realm of security.
The most tantalizing hint so far has been a new service called Next Generation Credentials, which is installed but not started in the most recent preview builds.
Today, Microsoft revealed more details about its plans to "move the world away from the use of single factor authentication options, like passwords." The feature, which isn't currently enabled in Windows 10 Technical Preview builds, will allow the owner of a Windows 10 device (PC, tablet, or phone) to enroll that device as trusted for the purposes of authentication. In combination with a PIN or biometric proof, such as a fingerprint, the user will be able to sign in to any supported mobile service.
The PIN, Microsoft says, can be any combination of alphanumeric characters--it doesn't have to be restricted to a short numeric code. If that PIN is stolen in a database breach or phishing attack, the thief will be unable to access any services, because the hardware part of the two-factor authentication requirement isn't present. Likewise, a stolen device without the necessary PIN will be useless.
The authentication scheme isn't proprietary. Instead, it's based on standards from the FIDO Alliance, whose membership includes a who's who of computing giants (Google, Microsoft, Lenovo, and more), banking and payments companies (BofA, PayPal, Visa and MasterCard), and established security firms like RSA and IdentityX.
On the device itself, the required public and private keys can be issued by an enterprise using its existing PKI infrastructure, or for consumer devices they can be generated and securely stored by Windows 10 itself.
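The two-factor claim above (a stolen PIN without the device is useless, and so is a stolen device without the PIN) can be modelled in a few lines of Go; this is an added illustration, not Microsoft's implementation or code from the article. Assumptions: the names Device, Enroll, Sign and Login are hypothetical, Ed25519 stands in for whatever key type the real scheme uses, and a salted hash stands in for the hardware that would actually guard the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device is the enrolled hardware: it keeps the private key sealed under the PIN.
type Device struct{ salt, nonce, sealed []byte }

// pinAEAD derives the sealing key. Assumption: a bare hash stands in for a TPM.
func pinAEAD(pin string, salt []byte) cipher.AEAD {
	k := sha256.Sum256(append(append([]byte{}, salt...), pin...))
	blk, _ := aes.NewCipher(k[:])
	aead, _ := cipher.NewGCM(blk)
	return aead
}

// Enroll generates the key pair on the device; only the public key leaves it.
func Enroll(pin string) (*Device, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	d := &Device{salt: make([]byte, 16), nonce: make([]byte, 12)}
	rand.Read(d.salt)
	rand.Read(d.nonce)
	d.sealed = pinAEAD(pin, d.salt).Seal(nil, d.nonce, priv.Seed(), nil)
	return d, pub
}

// Sign answers a service challenge, but only if the PIN unseals the key.
func (d *Device) Sign(pin string, challenge []byte) ([]byte, error) {
	seed, err := pinAEAD(pin, d.salt).Open(nil, d.nonce, d.sealed, nil)
	if err != nil {
		return nil, err // wrong PIN: the key stays sealed
	}
	return ed25519.Sign(ed25519.NewKeyFromSeed(seed), challenge), nil
}

// Login is the service side: it stores only pub, so a breach leaks no secret.
func Login(pub ed25519.PublicKey, challenge, sig []byte) bool { return ed25519.Verify(pub, challenge, sig) }

func main() {
	dev, pub := Enroll("correct horse 42") // constructed sample PIN
	sig, err := dev.Sign("correct horse 42", []byte("challenge-1"))
	fmt.Println(Login(pub, []byte("challenge-1"), sig), err)
}
```

The service never sees the PIN, and a signature is bound to one challenge, so neither a phished PIN nor a captured response is enough to sign in.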
According to Microsoft, Windows 10 users will be able to enroll any or all of their devices with these new credentials. As an alternative, they can choose to enroll a single device, which then serves as a virtual smart card. A mobile phone, for example, can offer two-factor authentication using Bluetooth or WiFi for signing in on local devices or accessing remote resources.
The user access tokens themselves will be stored in a virtualized secure container (running on top of Hyper-V technology), eliminating the effectiveness of common attacks such as Pass The Hash.
In today's announcements, Microsoft also laid out two new features in Windows 10 that will tighten security for its enterprise customers.
The first is a set of information-protection capabilities that make it possible to protect corporate data even on employee-owned devices. Windows 10, the company says, will allow network administrators to define policies that automatically encrypt sensitive information, including corporate apps, data, email, and the contents of intranet sites.
Because support for this encryption will be built into the APIs for common Windows controls, such as Open and Save dialog boxes, it will be available to all Windows apps that use those controls. For tighter security, administrators can create lists of apps that are allowed to access encrypted data as well as those that are denied access—a network administrator might choose to deny access to cloud services such as Dropbox, for example.
A final security measure is potentially a big winner for organizations with high-security needs, such as banks and other regulated industries as well as defense contractors and government agencies concerned about online espionage. With Windows 10 Enterprise edition and specially configured OEM hardware, administrators will be able to completely lock down devices so that they're unable to run untrusted code.
In this configuration, the only apps that will be allowed to run are those signed by a Microsoft-issued code-signing certificate. That includes any app from the Windows Store as well as desktop apps that have been submitted for approval through Microsoft. Enterprises with internal line-of-business apps can get their own key generator, which will allow those apps to run on their network but won't work outside the network.