Accessing Windows Accounts Without Utilizing Passwords
In today's digital landscape, IT security matters more than ever. One of the key measures for strengthening it is multi-factor authentication (MFA), which requires users to present at least two pieces of evidence from different categories: something you have ('Have'), something you are ('Be'), and something you know ('Know').
Google, the company behind Android, has implemented a Gatekeeper-like token system for proximity ("approach") authentication on Android devices. This system, similar to Apple's Gatekeeper on macOS, requires developer certification and identity verification for sideloaded Android apps. The measure is aimed at improving security and accountability, for example in medical practices or hospitals where user input must be protected, or for CAM system operators who need to prevent manipulation.
The FIDO2 standard, combined with Windows Hello in Windows 10 from version 1809 onward, provides native support for passwordless logins. Microsoft and the FIDO Alliance both promote this approach for its stronger security and greater user convenience. FIDO2/WebAuthn enables passwordless authentication for all Microsoft services, including Azure Active Directory (Azure AD).
Modern hardware tokens, such as the YubiKey 5, USB tokens like Winkeo, and smartcard tokens like Badgeo, are suitable for the 'Have' factor. For instance, the NEOWAVE Badgeo dual-interface smartcard with NFC can be used for passwordless Windows login (under Azure AD) as well as for access control, identity management, time recording, and digital signing. The smartcard component of NEOWAVE tokens is certified to Common Criteria EAL 5+, a certification recognized by the German BSI.
The Gatekeeper Halberd Token is a Bluetooth Smart (BLE) token for proximity ("approach") authentication. It does not integrate seamlessly into the Microsoft Windows login, but it offers a secure solution for proximity-based authentication. It is also important to note that even strong passwords can be defeated by modern attack vectors, which is what makes MFA an essential component of IT security.
The Gatekeeper Enterprise Software is required to manage the workflows that run when a user approaches a PC or a CAM system. It also logs every login and logout, and it can be configured directly through (Azure) Active Directory using group policies.
For detailed information about Gatekeeper, see the article 'Keyless-Go Data Protection'. No specific figure for how much multi-factor authentication improves security is given here, but both Microsoft and the FIDO Alliance strongly recommend its use.
This article does not cover the BSI's recommendations on password change intervals or its advice against time-controlled password changes; organizations should consult those guidelines and follow established best practices to reach the highest achievable level of security.
In conclusion, adopting multi-factor authentication, whether through the Gatekeeper system or modern hardware tokens, is a significant step towards stronger IT security and greater user convenience. As digital threats continue to evolve, organizations need to stay informed and implement the most secure measures available.