The latest version of Microsoft’s operating system is due for release this summer. Windows 10 is set to be one of the best operating systems yet according those that have been reviewing it during the technical preview made available by Microsoft.
One of the new features that has not been talked about a great deal so far is Windows Hello. This is primarily a security feature from Microsoft but it is also the acknowledgement of a global problem that we are facing in technology and a proposed solution.
Windows Hello introduces biometrics and will allow users to log in to all of their Windows 10 devices using various biometrics including fingerprint scan, optical recognition and facial recognition.
Of course this technology has been around for quite some time but with the release of Windows Hello Microsoft are suggesting to both companies and individuals that it is time to ditch passwords and to start using biometrics exclusively.
This requirement comes as computers are becoming more and more powerful and passwords are no longer effective forms of security. One of the main problems with passwords is the user behind those passwords – even today some of the most common passwords used include 123456 and password which is hardly going to stop advanced hackers from getting into the systems that those passwords are meant to secure.
Even aside from the issue of weak passwords, computers are now becoming so powerful that brute forcing even the most complex passwords is no longer the impossible task that it once was.
Hackers are now able to get into systems even with strong passwords by simply running programs that try hundreds of thousands of password combinations in sequence until the correct one is inevitably found. Of course there are often systems in place to deem these type of attacks ineffective but the principal still remains that passwords are no longer secure enough.
The problem that arises here is that having more and more secure password requirements becomes a real issue for users because the passwords simply cannot be remembered and this in itself will open up other security risks such as when users have to write down passwords in order ot remember them.
As always Microsoft are ahead of the curve and thinking about the ways in which we can replace passwords with other forms of security. They intend to introduce a combination of biometrics and two factor authentication and are proposing that this will form a much better method of security.
Many people will argue that biometrics is actually just as insecure as passwords have been up to now and that may be the case – there are of course ways in which hackers can fool computer systems and replicate biometrics – such as cloning and re-using fingerprints or even reverse engineering the technologies that capture and verify the biometric data.
However, the point Microsoft are trying to make with the release of Windows Hello is the fact that we need a new form of authentication and whilst biometrics may still need further development it is probably the best option that we have to replace password security and cannot be further developed until it starts to be used in the real world.
Personally I agree with Microsoft entirely but I consider the introduction of two factor authentication to be the crucial element here. Rather than being the most secure and hacker proof approach, biometrics actually offers a much more efficient way to for a user to authenticate – it is easier to provide a fingerprint or a face scan than it is to remember and provide a 10 digit non-dictionary based password. This biometric authentication can then be coupled with a second means of authentication – perhaps a requirement to enter a code sent via SMS/Email – and the two coupled together will form an extremely secure means of authenticating that will top that offered by traditional password security whilst also providing a far better experience to the end user.
In my opinion Microsoft are once again heading in exactly the right direction with their offerings and whilst their system may only bid mid-way through its development and will probably be re-working several times before it is perfected it definitely is the way forward in terms of computer security.