
Microsoft achieves FIDO2 certification for authentication solution

09 May 2019

The FIDO Alliance recently announced that Microsoft has achieved FIDO2 certification for Windows Hello. With this news, any compatible device running Windows 10 is now FIDO2 Certified out-of-the-box following the Windows 10 May 2019 update.

Windows 10 users can now move beyond centrally-stored passwords and leverage Windows Hello biometrics or PINs to access their devices, apps, online services and networks with FIDO Certified security.

FIDO2 is a set of standards that enables easy and secure logins to websites and applications via biometrics, mobile devices and/or FIDO Security Keys.

FIDO2’s simpler login experiences are backed by strong cryptographic security that is superior to passwords, protecting users from phishing, all forms of password theft and replay attacks.

“Our work with FIDO Alliance, W3C and contributions to FIDO2 standards have been a critical piece of Microsoft’s commitment to a world without passwords,” says Microsoft principal group program manager Yogesh Mehta.

“Windows Hello was built to align with FIDO2 standards so it works with Microsoft cloud services and within heterogeneous environments.”

He adds, “Today’s certification announcement brings this full circle, allowing organisations and websites to extend certified FIDO Authentication to over 800 million active Windows 10 devices.”

Microsoft has made FIDO Authentication a fundamental component in its efforts to provide users with a seamless, password-free login experience.

As a FIDO Alliance board member and a lead contributor to the development of the FIDO2 specifications, Microsoft produced one of the market’s first FIDO2 rollouts with Windows Hello, supports FIDO2 on its Microsoft Edge browser, and also supports login to Windows Account with FIDO Security Keys.

The Windows 10 May 2019 update includes support for passwordless FIDO Authentication via Windows Hello or FIDO Security Key on Microsoft Edge or the most recent versions of Mozilla Firefox. 

FIDO Alliance chief marketing officer Andrew Shikiar says, “As a board member and vital contributor to the development of FIDO2, Microsoft has been an advocate of FIDO Alliance’s mission to move the world beyond passwords.

“This certification builds upon Microsoft’s long-standing support for FIDO2 technologies in Windows 10 and opens the door for its customers and partners throughout the Windows ecosystem to benefit from FIDO’s approach to user authentication.”

“FIDO2 is now supported in the world’s most-used operating systems and web browsers, setting the stage for enterprises, service providers and app developers to rapidly bring a simpler and stronger authentication experience to billions of users worldwide.” 

In addition to Microsoft Edge, FIDO2 is also supported by web browsers Google Chrome and Mozilla Firefox (with preview support by Apple Safari). 

Android has also been FIDO2 Certified, allowing mobile apps and websites to leverage FIDO standards on over a billion devices supporting Android 7.0+.

In addition, several FIDO2 Certified products have been announced to support implementation.

About FIDO Certification

The FIDO Alliance certifies authentication devices like biometrics and/or security keys, clients and servers to verify that they comply with FIDO specifications including FIDO2 and meet certain security profiles. This ensures that web users can use their FIDO Certified device across all FIDO-enabled web services for a seamless experience.

Websites and organisations only need to FIDO-enable once to gain access to all FIDO Certified devices in the market.

OEMs can further differentiate their devices to meet added market requirements by taking part in security level testing, which evaluates how strongly the user’s authentication credentials are protected.

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies and remedy the problems users face with creating and remembering multiple usernames and passwords.

The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords.

FIDO Authentication is stronger, more private, and easier to use when authenticating to online services.
