Windows 10 update adds passwordless option for device login
With the latest update to Windows 10, Microsoft's added an option for Windows 10 devices working with Windows Hello. With this update, users can enable passwordless sign-in for Microsoft accounts via Settings. This update also adds Windows Hello as a Fast Identity Online 2 (FIDO2) authenticator for "all major browsers" including Chrome and Firefox. This and other features are enabled with Windows 10 version 2004, AKA Windows 10 May 2020 Update.
With this latest update to Windows 10, users can go to Settings – Accounts – Sign-in Options – and select Make your device passwordless (tap ON). With this option switched ON, all of your Microsoft accounts on your Windows 10 device will be switched to "modern authentication." Modern Authentication includes Windows Hello Face, Fingerprint, or PIN code.
Windows Hello PIN sign-in support was also added to Safe mode with this 2004 update to Windows 10. The Windows Hello system got an upgrade for Windows Hello for Business, too, adding Hybrid Azure Active Directory support as well as phone number sign-in (MSA).
This update extends FIDO2 security key support with Windows Hello for Business to Asure Active Directory hybrid environments. Microsoft revealed a bit of an early preview of this system in November of 2019. The public preview of Azure AD support for FIDO2 security keys in hybrid environments was initiated in February of 2020.
With this update, users of all sorts can easily and effectively move beyond password login for Windows devices. As noted by Microsoft AZURE's Alex Simons, "With the expansion of FIDO2 support to Hybrid environments, we offer seamless sign-in to Windows devices and virtually unphishable access to on-premises and cloud resources, using a strong hardware-backed public/private-key credential."
Do you think you'll be able to move beyond your feeling that a password is the only secure way to keep your hardware locked up tight? When's the last time a friend or relative of yours got their bank account drained because they got an email from a malicious agent? With passwordless sign-in, it's far less likely that that sort of thing will ever happen again.