The Channel logo


By | Iain Thomson 22nd October 2014 15:00

Microsoft promises Windows 10 will mean two-factor auth for all

Sneak peek at security features Redmond's baking into new OS

Windows doesn't have the best reputation for security, but Microsoft has been outlining a series of improvements in the new operating system that it believes will stymie hackers and leave corporate data more secure.

"We're no longer facing an evolution in security threats but a revolution," Chris Hallum, senior product manager for Windows told The Register. "The reality is that the systems currently in place don't offer the fundamental immunity we need to deal with such threats."

Hallum outlined three key technologies Microsoft will be building into Windows 10 that will be used to add protection. More will be added before the operating system ships next year but these are the teasers that Microsoft's sure will be included.

First, support for two-factor authentication is going to be built into the OS as standard and the preferred login setting. Full support for fingerprint recognition is being built into the stack, and there'll also be support for other biometrics, but Microsoft sees the phone as the primary tool for adding two-factor auth to the system.

Only launch users will be able to turn their iOS, Android or Windows Phone smartphone into an authentication token that clears access via Wi-Fi or Bluetooth. There are no plans for a BlackBerry version as yet but Hallum said Microsoft would be keeping an eye on BlackBerry's popularity (politely declining to add the obligatory "or lack of it").

Once users have logged in, Microsoft wants to safeguard the data they are using, and so is adding containerisation technology for each file, ensuring it is sandboxed and encrypted. The system is designed to work with the trusted platform module contained in many PCs these days, although it will manage without one too, just not in as seamless a fashion.

Hallum said that the data protection system is designed to minimise processor load and there should be "no appreciable" slowdown for users working with the system. It will also uphold the safety of VPN connections, he said, and IT managers would have full control over what can and cannot pass through the protected data tunnels.

Finally, Microsoft is hoping to block whole classes of malware by instituting a code-signing system for software. All apps in the Windows Store will be checked for malware and signed off as safe for use (including 32-bit apps) and the company is also instituting a self-signing system for accredited ISVs to clear their apps, and for corporate IT departments to get home-grown code signed.

The end result is that IT administrators can lock down the systems under their control to solely allow such signed apps to be run on Windows 10 systems, which should handle some malware problems. One presumes that the side effect for Microsoft is that more people actually use the Windows app store.

There will be more security announcements to come, and even these three systems will need some refinement. You can bet hackers are going to be honing their skills for the new challenge. ®

comment icon Read 58 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe