As it turns out Windows 10 will use standards based on two-factor authentication for each device. The company considers the measure necessary for effective defense against phishing attacks and data breaches in general through a non-powerful password. The company has announced new capabilities designed to ensure corporate systems from malware attacks and data leaks.
Most for the early release of Windows 10 Technical Preview, mention as "event of the year" its return menu Έναρξης, τα virtual desktops, και άλλα ορατά points which come for a better and more intuitive user experience. But the company says that the new operating system will bring much more important changes, especially in the critical area of security.
If you're really looking into new Windows, you'll see a new service called New Generation Credentials ή Next Generation Credentials, which is installed but does not work in preview builds.
Today, Microsoft has revealed more details about its plans to "move people away from using single authentication options like passwords." The feature, which is currently not enabled in Windows 10 Technical Preview builds, will allow system owners with the new operating system (PC, tablets or mobile) to mark that their device as trusted for the purposes of a certification. Combined with a PIN with some biometric proof, such as a fingerprint for example, the user will be able to connect to any supported mobile service.
The PIN, says Microsoft, can be any combination of alphanumeric characters - it will not be limited to a small numeric code. If this PIN is stolen in a data breach or phishing attack, the thief will not be able to access any service because the hardware part (the machine with the biometric control device, such as a touch screen) of the control requirement two-factor identity is not present. Likewise, a stolen device without the required PIN will be useless.
The system authentication was not entirely developed by Microsoft. It is based on its standards FIDO Alliance(Google, Microsoft, Lenovo, and others), banks and payment companies (BofA, PayPal, Visa and MasterCard), as well as established security firms such as RSA and IdentityX.
In the device itself, the required public and private keys can be issued directly by an enterprise, using the existing PKI infrastructure, while consumer devices can have them from Windows 10 which they can also produce.
According to Microsoft, Windows 10 users will be able to add to their trusted computer, any or all of their devices with these new credentials. As an alternative, they may choose to add a single device, which will then serve as a virtual smart card. A mobile phone, for example, can offer two-way authentication via Bluetooth or Wi-Fi for adding local devices or accessing remote resources.
Users' access tokens will be stored in a virtual safe part running with Hyper-V technology, eliminating the effectiveness of common attacks such as Pass The Hash.
In today's announcements, Microsoft also reported two new features of Windows 10 that will enhance security in its customers' businesses.
The first is a set of information-protection capabilities that will make it possible to protect corporate data, even on employee-owned devices. Windows 10, the company says, will allow network administrators to set policies that automatically encrypt sensitive information, including corporate applications, data, email, and the content of intranet sites.
Because this encryption will be built into common Windows control panels, such as Open and Save Dialog, it will be available to all Windows applications that use these controls. To enhance security, administrators will be able to create lists of applications that are allowed to access encrypted data as well as those who will not have access to network management and will be able to choose not to give access to cloud services such as Dropbox, for example.
Finally, a security measure built for high-profile companies with high security needs, such as banks, or the defense sector and government agencies. Post 10 Windows Enterprise and a specially configured OEM hardware, administrators will be able to completely lock all devices in order not to be able to perform an unreliable code.
With this setting, the only applications you are allowed to run are those who have entered into an agreement with Microsoft that has issued and signed the certificate. These apps include any app from the Windows store, as well as desktop applications that have been approved by Microsoft. Businesses with internal lines and corporate applications can have their own security key generator, which will allow these applications to run on their network, but they will not work offline.
