Microsoft Confirms Intent To Replace Windows 10 Passwords For 800 Million Users

272,084 views | May 11, 2019, 9:09 am

Davey Winder Contributor Opinions expressed by Forbes Contributors are their own.

I report and analyse breaking cybersecurity and privacy stories

Microsoft has very quietly confirmed the death of Windows 10 passwords this week. Microsoft’s crypto, identity and authentication team group manager, Yogesh Mehta, has made an announcement that he says puts “the 800 million people who use Windows 10 one step closer to a world without passwords.” Whether you love Microsoft or are a Windows 10 hater, I think most people will agree that passwords have long since reached their expiry date. By which I don’t just mean in the sense of security policy baseline recommendations either, although Microsoft did also recently announce a change to Windows 10 passwords in that regard as well. Rather I am referring to the whole concept of the password as a secure authentication method.

Mehta confirmed that with the release of the forthcoming Windows 10 May update, Windows Hello becomes a fully FIDO2 certified authenticator. What does that mean, do I hear you ask? The FIDO Alliance, which stands for Fast Identity Online, is an industry body on a mission to solve the problem of passwords through the use of open standards to drive technologies that can securely replace them. FIDO2 is a set of such standards that enable logins backed by strong cryptographic security, and the certification in question applies to the use of Windows Hello for Windows 10 users.

Andrew Shikiar, the CMO of the FIDO Alliance, says that “Microsoft has been a preeminent advocate of FIDO Alliance’s mission to move the world beyond passwords.” Indeed, it has been making great strides to get rid of passwords since the introduction of Windows Hello, which enables Windows 10 users to sign into devices using facial recognition, back in 2015. So does the arrival of FIDO2 certification for Windows 10 mean that passwords are now dead? Not quite. The death of the password for Window 10 could yet be a lingering and painful one. “We encourage companies and software developers to adopt a strategy for achieving a passwordless future and start today by supporting password alternatives such as Windows Hello,” Mehta says, before admitting that to arrive in this future requires “interoperable solutions that work across all industry platforms and browsers.” I say painful, by the way, as there will no doubt be no shortage of stories about password security fails until the final nail is hammered into this authentication coffin.

Jake Moore, a security specialist at ESET, is welcoming of the news. “Considering the number of data breaches we have witnessed in the past few months,” he says, “it is great to see companies taking the steps required to protect their users.” However, he warns that passwords will “still be a feature in the background,” and so users must be pushed to “adopt better password management and multi-factor authentication to protect their data in case their information gets into the wrong hands.”

I have been covering the information security beat for three decades and Contributing Editor at PC Pro Magazine since the first issue way back in 1994. I contribute to… Read More

I have been covering the information security beat for three decades and Contributing Editor at PC Pro Magazine since the first issue way back in 1994. I contribute to the Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Infosecurity Magazine and Digital Health Intelligence. The only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called 'Threats to the Internet.' In 2011 I was honoured with the Enigma Award for a lifetime contribution to IT security journalism. Please contact me in confidence at or happygeek via Signal if you have a cybersecurity story to reveal or some interesting new research to share. Read Less