Microsoft reveals that Windows 10 will be getting support for 2-step authentication, enabling you to use your PC or phone as an extra layer of security, not only for the OS itself but also for websites and online services. You can read the full article over here.
Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric, such as a fingerprint. From a security standpoint, this means that an attacker would need to have a user’s physical device – in addition to the means to use the user’s credential – which would require access to the user’s PIN or biometric information. Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a mobile phone, which will effectively become their mobile credential. It will enable them to sign in to all of their PCs, networks, and web services as long as their mobile phone is nearby. In this case, the phone, using Bluetooth or Wi-Fi communication, will behave like a remote smartcard and it will offer two-factor authentication for both local sign-in and remote access.
If we drill a bit deeper into this component of Windows 10 and look under the hood, IT and security teams would find that things look quite familiar. The credential itself can be one of two things. It can be a cryptographically generated key pair (private and public keys) generated by Windows itself or it can be a certificate provisioned to the device from existing PKI infrastructures. Providing both of these options makes Windows 10 great for organizations with existing PKI investments and it makes it viable for the web and consumer scenarios where PKI-backed identity isn’t practical. Active Directory, Azure Active Directory, and Microsoft Accounts will support our new user credentials solution right out of the box, so enterprises and consumers using Microsoft online services will quickly be able to move away from passwords. This technology is intentionally being designed so that it can be adopted broadly across other platforms, the web, and other infrastructures.