Windows Hello Authentication Microsoft Official

Microsoft is enhancing its multi-factor authentication ability when the Windows 10 Anniversary Update arrives in August, but the company is leaving Windows Hello to do all the lifting. That means the company will be eliminating the Microsoft Passport service for the second time.

In a post on Microsoft’s TechNet blog, product manager Chris Hallum announced that Windows Hello will drive the company’s push to eliminate passwords. With Passport culled, Hello will be the only identity service on Windows 10.

Passport was initially launched as Redmond’s first single sign-on service but was killed over a decade ago due to concerns over its ability to keep data safe. It was re-introduced on Windows 10 as a way to authenticate a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication.

Windows-Hello-Devices-TechNet-Official-Microsoft

However, Microsoft has since released Windows Hello as its two-step authentication service and has no more need for Passport. Instead of having two separate services, Microsoft has decided to fold Passport’s features into Windows Hello.

Windows Hello is a based on biometrics and the use of a user device, allowing users to sign in to a device or app with enterprise-grade security. With Passport’s closure, Hello will gain the credential features, giving the service two main aspects: Factor and Credential. Microsoft recently announced that the Anniversary Update would also bring Windows Hello to the Edge browser.

Factors are used to validate a user’s identity to access Windows 10 devices and resources. Until now Hello has used biometric authentication like fingerprint scanning, iris, and facial recognition. The device itself was needed as the second factor of validation, but in the Anniversary Update it will support devices, biometrics (as before), and PINs.

Biometrics will remain a major (chief) component of the Windows Hello service, but Microsoft Passport features will allow the authenticator, allowing two-step authentication tied to an account and across devices.

The Anniversary Update will introduce a Windows Hello Companion Device framework, which will allow users to include an external device as a factor for authentication. This can be assigned to wearables, mobiles, and PCs. Microsoft points this out in its blog:

The Windows Hello Device Framework enables hardware vendors to develop companion devices for these scenarios and many more, with two types of companion devices. The first type is a device that is paired with a PC that is already enrolled with Windows Hello, and, in this case, the companion device doesn’t store the user’s credentials on it.