Building some of these scenarios for your own business will mean using Windows Server 2016 as a domain controller for Active Directory and setting up mobile device management using Intune or System Center Configuration Manager, but you don’t have to wait until that ships. Here’s why:
Hello and Passport can already sign you in to key Microsoft consumer services like Outlook.com and OneDrive. And, says Hallum, “organizations that want to use Microsoft Passport for strong authentication can use it on devices where Azure Active Directory is providing authentication services to get access to thousands of SaaS applications like Office 365 and Salesforce. As of the November 2015 update, organizations using Azure Active Directory and Active Directory on premises can use their Microsoft Passport credentials to get access to all their onsite business network resources, as well as cloud-based resources with single sign-on and never be asked for corporate credentials.”
So how close is the idea of sitting down at your PC and having Windows Hello and Passport sign you in to your expenses app, your CRM system and your bank account? “Organizations that want to provide business software services have a few options,” says Hallum. “For example, a bank could choose to rely on Azure Active Directory or Microsoft Account to authenticate the business or consumer user. Or the bank could choose to perform their own authentication using Microsoft Passport technology.”
FIDO-based consumer services may be some way off, says Twilio’s Boroditsky. “There's nobody that believes passwords should continue; there's no advocate for perpetuating this broken system.” But he adds it could take time “until there are enough FIDO devices to be meaningful.” He says one credit card company working with Authy (and itself signed up with the FIDO Alliance) “estimates it could be three years until there’s a critical mass for their user base so they can say ‘use your FIDO device’ and not offend customers who don’t have a FIDO device.” For businesses serving consumers, “having a solution that serves the entire spectrum of the market is necessary.”
But for your own business, you may be able to move more quickly to kill off passwords by deploying Windows 10, especially once the remote unlock feature means you can do that with phones and other secondary devices. Given the risks of password breaches and credential theft, this is something you need to start planning for sooner rather than later.