Microsoft has very quietly confirmed the death of Windows 10 passwords this week. Microsoft’s crypto, identity and authentication team group manager, Yogesh Mehta, has made an announcement that he says puts “the 800 million people who use Windows 10 one step closer to a world without passwords.” Whether you love Microsoft or are a Windows 10 hater, I think most people will agree that passwords have long since reached their expiry date. By which I don’t just mean in the sense of security policy baseline recommendations either, although Microsoft did also recently announce a change to Windows 10 passwords in that regard as well. Rather I am referring to the whole concept of the password as a secure authentication method.
Mehta confirmed that with the release of the forthcoming Windows 10 May update, Windows Hello becomes a fully FIDO2 certified authenticator.