I am deeply passionate about keeping my customers secure. We are on a mission to eliminate passwords since they can be easily shared, leaked, or cracked. Our goal is to replace them with strong authentication methods such as Windows Hello, the Microsoft Authenticator app, or a FIDO2 security key. Since the July announcement of the public preview of Azure Active Directory (Azure AD) support for FIDO2 security keys, I’ve talked to many banking, professional services, retail, and energy customers. They all have these needs in common – they want to increase security, improve user productivity, and reduce costs. One customer, a multinational conglomerate company, is driving a passwordless pilot group with their high-profile employees to reduce phishing attacks. Employees from the pilot say they better understand the security benefits and love the new key form factor. The enthusiastic response from users is helping the IT team quickly expand the pilot to more users. Inspark, a Microsoft partner in Amsterdam, even goes beyond using FIDO2 security keys to sign into apps – they use FIDO2 security keys for physical building access.
Public Preview Coming early next year: passwordless security key sign in to on-premises resources
More and more customers want to move to the cloud but have a long way to go. They want passwordless security keys in order to sign in to on-premises resources, too. Understanding this feedback is important to us so that we can meet our customers where they are. In collaboration with many other groups at Microsoft, the support for FIDO2 security keys in hybrid environments is expected to launch early 2020.
Simpler sign-in with a biometric key.
Our partners, Authentrend, Ensurity, e-WBM, Feitian Technologies, HID Global, and Yubico from the Microsoft Intelligent Security Association (MISA) worked with us to integrate their passwordless authentication solutions with Azure AD. They provide form factors to meet the needs of diverse customers:
- Biometrics (fingerprint)
- NFC and USB security key devices
- Smart cards
These devices are small and fit into your pocket. Soon, there will be even more options to choose from. For this blog, we’d like to feature fingerprint keys that our partners are making available to many customers. Check out a list of vendors.
In addition to the above options, I have even more good news! Yubico is also introducing a new key in their lineup: the YubiKey Bio. YubiKey Bio is the first YubiKey that uses fingerprint recognition for secure and seamless passwordless authentication. I believe biometric authentication is the hallmark of security since it is so easy and relies on a unique characteristic about the user. The key integrates with the native biometric enrollment and management features supported in the latest versions of Windows 10 and Azure Active Directory (currently in public preview). If you’re interested in learning more, please go to the Yubico site.
“Nobody loves passwords,” said Stina Ehrensvärd , CEO and Founder, Yubico. “Yubico is excited to have pioneered the WebAuthn standards with Microsoft, enabling a new passwordless era for consumers and enterprises around the world. The combination of our technologies allows users to login locally and remotely with a simple touch and with unmatched security.”
I recently sat down with Stina, and we talked about passwordless authentication and what it means for customers in helping them be more secure.
Learn more and keep in touch
I know we have a lot to learn from you before we can go GA for our passwordless authentication features. Please continue to provide feedback to our team and stay connected with me on LinkedIn: https://www.linkedin.com/in/susanbohn/
Check out the Passwordless deployment documentation here.