Microsoft’s Windows 10 October 2018 Update was re-released recently, and along with introducing features that play nice with your phone, it now lets you ditch more of your passwords. The latest version of Windows 10 allows you to sign in with your Microsoft account on the web through Microsoft Edge using Windows Hello or a FIDO 2 Yubikey.
This feature was originally beta tested with Windows Insiders this past summer but has long been supported by both Firefox and Google Chrome. It is a safe and secure process which involves setting up two-factor authentication and automatically creating a public token and a private sign-in token for a Microsoft website. There is no extra software needed, and everything is secure and handled directly within Microsoft Edge. Once the initial setup is done, a website will send a request for a private token and cross-check it against either your face or fingerprint via built-in Windows Hello facial recognition, or Yubikey to log you in.
If your laptop or desktop does not have Windows Hello built in, the Yubikey 5 Series and Security Key by Yubico are options to enjoy the feature. These accessories can be purchased for anywhere between $45 to $60. Both USB C and USB A versions are available, and most models feature water resistance, crush resistance and low-profile designs.
Currently, passwordless logins in Microsoft Edge work with Outlook, Skype, Office, OneDrive, Windows, Cortana, Edge, Xbox Live, Mixer, Microsoft Store, Bing, and MSN. That means you can visit the Microsoft Store on the web, and purchase a game for your Xbox without even having to remember your password. It also is a more secure process that is less prone to hacking.
“No more passwords means remote attackers can’t phish your username or password, or use other modes of attack. The physical possession of your Yubikey is required for access,” says Yubico, the group behind Yubikey.
Microsoft has long been on a journey to kill off passwords in favor of Windows Hello. In a blog post from July, it highlighted how far that has come.
“We started this journey in 2016 when we shipped the industry’s first preview implementation of the Web Authentication API in Microsoft Edge… Since then, we have been updating our implementation too as we worked with other vendors and the FIDO alliance to develop the standard,” Microsoft said.