Windows 10 embraces password-killing biometric authentication


The FIDO Alliance's U2F open standard lets compatible USB key drives and other small devices simplify two-factor authentication.

Credit: Image: FIDO Alliance

Microsoft is about to officially join the fight for authentication without pesky passwords. The company recently announced that Windows 10 will support the Fast Identity Online (FIDO) 2.0 specification. The end result is that instead of using passwords to log in to PCs, Microsoft services, and other third-party accounts, you’ll be able to use a fingerprint or eye scan—possibly integrated with a key fob for two-factor authentication.

In its blog post announcing FIDO in Windows 10, Microsoft focused largely on features that would interest IT types, such as FIDO support for major enterprise-focused cloud services including Office 365 Exchange Online, Salesforce, Citrix, and Box. But FIDO in Windows 10 will also work with consumer services such as Windows 10 sign-ins and OneDrive.

Why this matters: The call to kill passwords with a better authentication solution has been ongoing for some time. FIDO appears to be the best chance for a one-size-fits-all solution to password-less authentication. The FIDO Alliance includes many major tech companies and other businesses with a big interest in security, including Arm, Bank of America, Google, Lenovo, Mastercard, PayPal, and Visa. Microsoft joined the FIDO Alliance in late 2013. When heavy hitters work together on problems like this, the end result tends to be a near-universal solution—an absolute must if FIDO is to truly replace the password.

What is FIDO?

The idea behind FIDO isn’t all that new. Instead of using passwords, which can be forgotten, lost, stolen, or even guessed, a FIDO-equipped device would use biometrics such as fingerprint and eye scans that are much harder to acquire. This initial login method could also be paired with a key fob for two-factor authentication for added security.

Biometric scanners have already been integrated into smartphones, laptops, and other devices for years. The difference with FIDO is that it’s an open standard, meaning any company can implement it in its products or services. It also means that FIDO-compliant biometric scanners and two-factor authentication devices can be used with any FIDO-supporting service, as opposed to the hodgepodge of fingerprint scanning security mechanisms we have now.

The FIDO specifications are also designed so that a user’s biometric data never leaves the device.

For anyone who wants to check it out, Microsoft says FIDO integration is already available in the Windows 10 Technical Preview for enterprise applications as well as Windows 10 sign-in.

