Microsoft has announced that Microsoft accounts now support signing in with FIDO2 keys and Windows Hello. This works only on Windows 10 (October 2018) or later, and only in Microsoft Edge.
To set it up, go to the Microsoft account page, select Security, then More Security Options, and click Windows Hello and Security Keys.
Microsoft has been on a mission to eliminate passwords and help people protect their data and accounts from threats. As a member of the Fast Identity Online (FIDO) Alliance and the World Wide Web Consortium (W3C).
FIDO2 protects user credentials using public/private key encryption. When you create and register a FIDO2 credential, the device (your PC or the FIDO2 device) generates a private and public key on the device. The private key is stored securely on the device and can only be used after it has been unlocked using a local gesture like biometric or PIN. Note that your biometric or PIN never leaves the device. At the same time that the private key is stored, the public key is sent to the Microsoft account system in the cloud and registered with your user account.
When you later sign in, the Microsoft account system provides a nonce to your PC or FIDO2 device. Your PC or device then uses the private key to sign the nonce. The signed nonce and metadata are sent back to the Microsoft account system, where they are verified using the public key. The signed metadata as specified by the WebAuthn and FIDO2 specs provides information, such as whether the user was present, and verifies the authentication through the local gesture. It’s these properties that make authentication with Windows Hello and FIDO2 devices not “phishable” or easily stolen by malware.
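The registration and sign-in exchange described above, as an added Go example that is not Microsoft's code: the device signs the server's nonce together with metadata, and the server checks the site binding, the presence and gesture flags, and the signature. It is a simplification of WebAuthn (a real assertion signs authenticator data plus a hash of the client data and carries a counter); the function names, the 33-byte metadata layout and the `login.example` site are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const flagUP, flagUV = 0x01, 0x04 // WebAuthn flag bits: user present, user verified

func Register() *ecdsa.PrivateKey { // on the device; the server only ever gets &key.PublicKey
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return key
}

func digest(meta, nonce []byte) []byte { // value that is signed: SHA-256(metadata || nonce)
	d := sha256.Sum256(append(append([]byte{}, meta...), nonce...))
	return d[:]
}

// Sign runs on the device: metadata = SHA-256(site the device sees) || flags.
func Sign(key *ecdsa.PrivateKey, rpID string, nonce []byte, flags byte) (meta, sig []byte) {
	h := sha256.Sum256([]byte(rpID))
	meta = append(h[:], flags)
	sig, _ = ecdsa.SignASN1(rand.Reader, key, digest(meta, nonce))
	return meta, sig
}

func Verify(pub *ecdsa.PublicKey, rpID string, nonce, meta, sig []byte) error { // server side
	want := sha256.Sum256([]byte(rpID))
	switch {
	case len(meta) != 33 || !bytes.Equal(meta[:32], want[:]):
		return fmt.Errorf("metadata is bound to a different site")
	case meta[32]&flagUP == 0 || meta[32]&flagUV == 0:
		return fmt.Errorf("no user presence or local gesture")
	case !ecdsa.VerifyASN1(pub, digest(meta, nonce), sig):
		return fmt.Errorf("signature invalid for this nonce and metadata")
	}
	return nil
}

func main() {
	key, nonce := Register(), make([]byte, 32)
	rand.Read(nonce) // sign-in: the server issues a fresh random nonce
	meta, sig := Sign(key, "login.example", nonce, flagUP|flagUV)
	fmt.Println("accepted:", Verify(&key.PublicKey, "login.example", nonce, meta, sig) == nil)
}
```

Because the server verifies against the nonce it issued for this attempt, a captured response is useless for a later sign-in, and a response produced for a look-alike site fails the site check before the signature is even examined.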
Source: https://www.microsoft.com/…/sign-in-to-your-microsoft-acco…/