Windows 10 gains FIDO certification for biometric logins

The FIDO Alliance has granted Microsoft official certification for its Windows 10 authenticator Windows Hello from the forthcoming May 2019 upgrade.

Using facial recognition, fingerprint scanning, and a secure PIN number on Windows 10 from next month will be deemed 'FIDO2 Certified' for more than 800 million Windows 10 devices from next month. This means some significant weight will be added to Microsoft's long-term move away from conventional passwords.

The 'FIDO2 Certified' applies to systems that meet the alliance's standards for secure logins to websites and apps via biometrics, mobile devices, or FIDO security keys. These are also backed by strong cryptographic security.

And beyond just being used to sign into a Windows 10 user account, Windows Hello is compatible with an array of Microsoft services as well as web browsers, from Office 365 to OneDrive and even Mozilla's Firefox.

"Our work with FIDO Alliance, W3C and contributions to FIDO2 standards have been a critical piece of Microsoft's commitment to a world without passwords," said principal group program manager with Microsoft Yogesh Mehta.

"No one likes passwords (except hackers). People don't like passwords because we have to remember them. As a result, we often create passwords that are easy to guess - which makes them the first target for hackers trying to access your computer or network at work.

"Windows Hello was built to align with FIDO2 standards so it works with Microsoft cloud services and within heterogeneous environments."

Microsoft has also encouraged other companies and software developers to phase out passwords in the future by investing in alternatives.

The company has long been a detractor of password security, previously suggesting on numerous occasions that they pale against alternative authentication methods such as biometrics or two-factor authentication (2FA).

Just last month the company announced it would phase out 'expiring passwords' in the next Windows 10 upgrade. The firm suggested this dated security practice increases the likelihood of passwords being stolen because users are more likely to write them down.