As it turns out Windows 10 they will use standards based on two-factor authentication for each device. The company considers the measure necessary for effective defense against attacks Phishing and more generally to data breaches through a weak password. The company announced new features aimed at securing corporate systems from malware attacks and data leaks.
Οι περισσότεροι για την πρώιμη κυκλοφορία των Windows 10 Technical Preview, αναφέρουν σαν "γεγονός της χρονιάς" την επιστοφή του menu Έναρξης, τα Interactive desktops, and other visible points that come for a better and more intuitive user experience. But the company says that the new operating system will bring much more important changes, especially in the critical area of security.
If you're really looking into new Windows, you'll see a new service called New Generation Credentials ή Next Generation Credentials, which is installed but does not work in preview builds.
Today, Microsoft has revealed more details σχετικά με τα σχέδιά της να "μεταφέρει κόσμο μακριά από τη χρήση των ενιαίων επιλογών ελέγχου ταυτότητας, όπως τους κωδικούς πρόσβασης." Η λειτουργία, η οποία δεν είναι προς το παρόν ενεργοποιημένη στα Windows 10 Technical Preview builds, θα επιτρέπει στους ιδιοκτήτες των συστημάτων με το νέο λειτουργικό (PC, tablet ή κινητό) για να χαρακτηρίζουν αυτή τη συσκευή τους σαν αξιόπιστη για τους σκοπούς μιας πιστοποίησης. Σε συνδυασμό με ένα PIN με κάποιο βιομετρικό αποδεικτικό μέσο, όπως ένα δακτυλικό αποτύπωμα παραδείγματος χάρη, ο χρήστης θα είναι σε θέση να συνδεθεί με οποιαδήποτε υποστηριζόμενη κινητή υπηρεσία.
The PIN, Microsoft says, can be any combination of alphanumeric characters — it won't be limited to a small numeric code. If this PIN is stolen in a data breach or phishing attack, the thief will not be able to access any service because the hardware part (the machine with the device for biometric control, such as a touch screen) of the control requirement two-factor authentication is not present. Likewise, a stolen device without the necessary PIN will be useless.
The authentication system was not entirely built by Microsoft. It is based on its standards FIDO Alliance(Google, Microsoft, Lenovo, and others), banks and payment companies (BofA, PayPal, Visa and MasterCard), as well as established security firms such as RSA and IdentityX.
In the device itself, the required public and private keys can be issued directly by an enterprise, using the existing PKI infrastructure, while consumer devices can have them from Windows 10 which they can also produce.
According to Microsoft, Windows 10 users will be able to add to their trusted computer, any or all of their devices with these new credentials. As an alternative, they may choose to add a single device, which will then serve as a virtual smart card. A mobile phone, for example, can offer two-way authentication via Bluetooth or Wi-Fi for adding local devices or accessing remote resources.
Users' access tokens will be stored in a virtual safe part running with Hyper-V technology, eliminating the effectiveness of common attacks such as Pass The Hash.
In today's announcements, Microsoft also reported two new features of Windows 10 that will enhance security in its customers' businesses.
The first is a set of information-protection capabilities that will make it possible to protect corporate data, even on devices belonging to employees. Windows 10, as reported by the company, will allow network administrators to define policies that will automatically encrypt sensitive information, including corporate applications, data, email, and intranet site content.
Because this encryption will be built into common Windows control panels, such as the Open and Save dialog, it will be available to all Windows applications that use these controls. To enhance security, administrators will be able to create lists of applications that are allowed to access encrypted data, as well as those that will not have access to network management and can choose not to grant access to services cloud like Dropbox, for example.
Finally, a security measure built for high-profile companies with high security needs, such as banks, or the defense sector and government agencies. Post 10 Windows Enterprise and a specially configured OEM hardware, administrators will be able to completely lock all devices in order not to be able to perform an unreliable code.
With this setting, the only applications you are allowed to run are those who have entered into an agreement with Microsoft that has issued and signed the certificate. These apps include any app from the Windows store, as well as desktop applications that have been approved by Microsoft. Businesses with internal lines and corporate applications can have their own security key generator, which will allow these applications to run on their network, but they will not work offline.
