Coming in the Anniversary Update: Windows Hello Support in Microsoft Edge

Coming in the Anniversary Update: Windows Hello Support in Microsoft Edge

While Windows Hello is an interesting and useful implementation of biometric security, it’s pretty much relegated to the sign-in process in the shipping version of Windows 10. But that will change with the Anniversary update, which is adding Hello support to Microsoft Edge.

“We look forward to a web where the user doesn’t need to remember a password, and the server doesn’t need to store a password in order to authenticate that user,” the Microsoft Edge team explains. “Windows Hello, combined with Web Authentication, enables this vision with biometrics and asymmetric cryptography.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Here are the gory details:

To authenticate a user on a secure web site, the server delivers a plain text challenge to Edge. The browser verifies the user with Windows Hello, signs the challenge with a private key provisioned specifically for this user, and then sends the signature back to the web server. If the server can validate the signature using the public key it has for that user and verify the challenge is correct, it will securely authenticate the user.

You can test this for yourself using a Microsoft Test Drive web site for Edge: The site needs to ensure that you’re you, so to speak, and will do so via Windows Hello—or by a PIN verification—on the PC client. And then you’re let into the site, and no credentials have changed hands at all. That is, your Windows login remains secure and isolated from the web site.

pin

According to Microsoft, Edge’s support for Hello is driven by web standards—including an early implementation of the Web Authentication (formerly FIDO 2.0) specification—and the software giant is working with web standards bodies to standardize the APIs its using.

Microsoft is also working with the same standards bodies on two-factor and password-less authentication for the web.

“In the password-less case, the user does not need to log into the web page using a user name or password – they can login solely using Windows Hello,” Microsoft says. “In the two factor case, the user logs in normally using a user name and password, but Windows Hello is used as a second factor check to make the overall authentication stronger.”

Microsoft Edge is obviously not read for prime time in the shipping (1511) version of Windows 10. But with extensions and now Windows Hello support coming in the Anniversary update, Edge could very well go from also-ran to no-brainer this year. And that is pretty amazing.

 

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 1 comments

  • OhBrother

    13 August, 2018 - 5:09 pm

    <p>So it's been two years – where in the heck are all the websites and apps that allow Windows Hello face recognition? What a complete waste of an opportunity. MS has had this since 2014, and has squandered drawing the world into it, while iPad is going to catch up and overtake them with FaceID. Just ridiculous.</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC