If you read the news, or are a regular reader of ValueWalk, it seems a week rarely goes by when there isn’t another security concern for the nearly 2 billion people worldwide who are online on a regular basis. Today, Microsoft Corporation (NASDAQ:MSFT) is being proactive and announced the company’s intention to “move the world away from the use of single factor authentication options, like passwords.”
Not there yet
While the announcement is welcome, users of the Windows 10 Technical Preview won’t have these security features available to them. The feature, when enabled, will allow users to enroll their PCs, tablets, and phones running Windows 10 for authentication by PIN or a fingerprint.
The PIN can be any combination of alphanumeric characters and won’t be restricted to the standard short numeric PIN millions call a PIN today. If a PIN is stolen in a data breach, it is near useless without the hardware used in the two-factor authentication. Conversely, a device without a PIN is equally disabled.
Microsoft didn’t develop this themselves but rather based it on the standards of the FIDO alliance of which it is a member along with Lenovo Group Limited (ADR) (OTCMKTS:LNVGY) (HKG:0992), Google Inc (NASDAQ:GOOGL) (NASDAQ:GOOG) and others in the computing world. PayPal, Visa, BofA and others are all on the membership rolls along with security firms like IdentityX.
Microsoft: Enterprise security
Microsoft also has plans for increasing the security levels for enterprise customers by introducing two new features. The first will protect corporate data on employee-owned devices by giving administrators the option to automatically encrypt data they consider sensitive. The encryption will be built into the APIs of common Windows controls. Additionally, it will allow admins to block the use of third-party apps like Dropbox or Google Drive if they deem it necessary.
The second security measure is meant for users with higher than average security needs like banks, government agencies and defense contractors who face the daily challenge of espionage. Using OEM hardware, network managers will be able to lock down devices on a whim. That lock-down will limit the devices to running apps that are “signed” by a Microsoft-issued code-signing certificate.