Passwords have become practically useless, even dangerous, thanks to human frailty. That is why tech companies keep on trying to kill the password with two-factor authentication, fingerprints, faces, and even security keys. Working with the Fast Identity Online (FIDO) alliance, Microsoft is updating its Windows Hello security framework to work with the newly ratified FIDO2 security keys. This means that, in the future, Windows computers can be unlocked with a fingerprint tapped on a removable USB key.
It’s a bit amusing to think that it’s a mix of hi-tech and old-school security measures. FIDO2 involves using a physical security key in the form of a USB dongle that you can keep on a keyring, along with other keys or fobs you might have. And, yes, that’s another key you could potentially lose.
The idea is that users, primarily employees, will simply plug the key into a work computer to log into it. Of course, if it were that straightforward, anyone holding the FIDO2 key would be able to gain access to the computer, authorized or not. You will have to protect the key itself, either with a fingerprint or, at the very least, a PIN code. Like the PIN code you can type to log into Windows 10.
This is practically another spin on a two-factor authentication system, but one that is independent of your phone or email, both of which are prime targets for thieves and hackers. And it doesn’t have to be a USB key either, as an NFC smart card is also a possible implementation. Windows Hello FIDO2 Security Key is still in limited preview before it rolls out to enterprise customers.