Microsoft Passport comes with Windows 10
Microsoft Passport is the new service from Microsoft which has been around for a while, which serves as a single point entry for all the Microsoft products such as OneDrive, Outlook, Skype, contacts etc., Passport is about to come in Windows 10, which will replace the passwords with the two-factor authentication which consists of a enrolled device and Windows Hello or Personal Identification Number. In this article we are going to explain the overview of how Microsoft will use Microsoft Passport in Windows 10.
Microsoft will consists of two services, one is sign-in service which allows the members to use single name and password to log in to Microsoft services and other one is Wallet, which allows the users to make the online purchases fast, easy and conveniently.
Two factor authentication
Microsoft has introduced two factor authentication feature two years ago, which adds extra security for your online accounts which prevents cyber criminals from hacking your account. Though two factor is very useful feature, there are some problems in using it in its current state. First you need to enter the password of your online account and you will receive a PIN, which you need to enter. This becomes a problem when you are using a phone, especially when its RAM size is less.
For, Two factor authentication in the current state, you need to create different passwords for different Microsoft services we use. We need to even create and app password for Microsoft Outlook email client and use this instead of the original Microsoft password which you use to log in on your web browser.
Now everything has changed with Microsoft Passport. Right now two-factor authentication is optional and Microsoft will make it mandatory for all the users to use two factor authentication. This won’t be as difficult as it is now. There will be two keys one with the user and other with Microsoft, so the user just needs user key to access the protected apps.
Primary key which is with the Microsoft would be either a certificate or firmware. So you no need to enter the information in the login boxes, then you will get a PIN which offers access to the Microsoft products.
Users those who want more security can choose Windows Hello, which is a some kind of gesture that let you draw on the sign in screen that give access to the protected services. Current generation phones will have some kinds of gestures for the lock screen, which explains how the Windows Hello is different from current lock screens, but Microsoft claims that it will be better than the gestures available currently on the lock screen and will offer more security.
For the time it will take more time, because you need to get the certificate and then setup a PIN or Windows Hello. After setting up everything, to access the Microsoft products in future you need to just enter the PIN or the gesture you selected. So you no need to wait for the PIN that comes with SMS. You need to just draw the gesture and you are in.
How passport works
As already explained, Passport is based on the certificate, an asymmetrical pair which will keep the user data safe. During the registration process, Microsoft account will create a public key and this will identify when every time user tries to log in. If you use firmware instead of certificates, they have to match and that firmware should be present and key that is stored cryptographically on firmware should match with the key that is generated during the registration process.
There is a drawback that, certificate doesn’t work across the devices as it will be stored on the device and it is not even sent to the server. So this might force every user to go through the registration process on every device separately.