- Jul 31, 2021
Today, Microsoft introduced support for the Web Authentication feature in the Microsoft Edge browser, allowing users to have a better and more secure experience on the web without a password.
Starting with build 17723, Microsoft Edge supports the CR version of Web Authentication. This implementation includes support for the widest variety of authenticators for Web Authentication, to date. It enables Microsoft Edge users to sign in with strong public-key credentials, such as their fingerprint, face, PIN, or portable FIDO2 devices, instead of passwords.
Standing in this era of technology, we let websites to store our credit card numbers, addresses, and other sensitive personal information, without batting an eye. But all of it is held together by a password, which is an outdated security model for this age. It is as important to stay secure on the web, as it is necessary to access the web. Passwords are hard to memorize, easy to forget, and susceptible to phishing and cracking.
For this reason, Microsoft is aiming for a passwordless yet secure experience on the web, with more advanced ways like Windows Hello biometrics and creation of Web Authentication, an open standard for passwordless authentication.
Windows Hello lets users authenticate without a password on any Windows 10 device. They can use biometrics like face and fingerprint recognition to log in to websites with only a glance or use a PIN number to sign in. External FIDO2 security keys also work for authentication with a removable device and the user’s biometrics or PIN. Some websites do not yet offer a complete passwordless model. For those, backward compatibility with FIDO U2F devices can act as a strong enough secondary security besides the password.
Microsoft has also discussed how APIs could be used for approving a payment on the web with one’s face, at RSA 2018.
In order to get started with Web Authentication in Microsoft Edge, install Windows Insider Preview build 17723 or higher to try it out yourself, or check out the Microsoft Web Authentication guide for more information.