Passwords are a weak link in the security chain, no matter if they are made up of a combination of at least 8 letters, numbers and special characters and are changed every 3 months. That’s because it has to be secured by a network - as a hash value or encrypted, it doesn’t matter. It still exists somewhere to identify the user. This can be dangerous when your company is hacked or compromised. We know from experience that users like to use their passwords for more than one site because it’s easier than having to remember several, and the risk of being tricked into revealing them in a phishing attack is greater than you might think.
It is critical that the information saved on the network and on the user’s end device do not match. Yes, that’s right. They should not match. This is an asymmetrical approach similar to how security certificates work with both a private and public key. The public key is stored within the infrastructure - in this case, Microsoft Azure - and the private key remains on the end device in the form of a TPM chip and cannot be removed. During login, the private key is unlocked using, for example, biometrics in the form of a Windows Hello camera. Your device then receives an authentication token from the Microsoft Azure directory without the need for transmitting a password.
These days, many services are secured with multi-factor authentication, but this is at the expense of convenience. If you are working from home or connected to a public network, a PIN which is sent via SMS or an app has to be entered every time. Windows Hello for Business enables secure biometric login, but that’s not all. You can also configure a further raft of security features.
For extra security, a PIN generated by the Microsoft Authenticator App can also be added, which also checks if the phone is close to the Windows device. This means that you can ensure that the device locks as soon as the phone is moved away and the strict “15 minutes until the device is locked” rule is enhanced.
Protect your business from a security vulnerability that you may not have known existed at the start of this blog! Bechtle offers a wide range of support for the strategic implementation of Windows Hello for Business. From choosing the right end device to installation - we are the reliable partner by your side. Interested in learning more? Then give us a call!