Microsoft Passport is a user authentication measure new to Windows 10 and is the response to the user privacy issue mentioned above. Instead of relying on a traditional password for user account security, Microsoft Passport uses two-factor authentication (2FA). The two factors of this authentication method are usually the Windows device itself and a PIN chosen by the user. This offers enhanced information security over the password and, in many ways, makes the concept of the traditional password obsolete.

Non-Microsoft services that can support Fast ID Online (FIDO)

A little about how Microsoft Passport works. Microsoft Passport uses a certificate based on an asymmetrical key pair to keep user information secure. The Microsoft account creates a public key pair upon registration which identifies the user whenever they log in. The user will choose a gesture (PIN, biometric) which is linked to a certificate. The Windows device attests to this certificate when it has TPM 1.2 or 2.0. If the device does not have a supported TPM, software is required.

The private key always remains on the device and acts as one half of the 2FA, with the other half being the user gesture. Microsoft Passport can use either hardware (key-based) or software (certificate-based) to perform identity authentication. Key-based is the most secure method of performing identity authentication, where TPMs generate the key. In this scenario, an Endorsement Key (EK) certificate remains in the TPM. The EK creates root trust for all keys its TPM generates and is used to create an Attestation Identity Key (AIK).