
Big news in our drive to eliminate passwords: FIDO2 / WebAuthn reaches candidate recommendation status!

Howdy folks,

At Microsoft we’ve been working hard to eliminate passwords since the very earliest stages of Windows 10. We’ve made great progress with Windows Hello and our mobile Authenticator app that’s available on iOS and Android. But to date we have not had an interoperable solution that works across all industry platforms and browsers.

That’s why I’m so excited about this week’s news from the FIDO Alliance and the World Wide Web Consortium (W3C). On Tuesday the W3C advanced the Web Authentication spec (WebAuthn) to Candidate Recommendation status. WebAuthn defines a web API that enables browsers and sites to use external authenticator keys based on the FIDO standard. This means we now have a cross-platform option for providing strong authentication without passwords! And with support from Google, Microsoft and Mozilla browsers, we’re optimistic that WebAuthn will rapidly become widely adopted. WebAuthn works together with the Client Authentication Protocol (CTAP), another FIDO standard. CTAP defines the protocol an external security key uses to talk to a client device. With CTAP in place, we’re excitedly awaiting the wide variety of cost-effective security key options and form factors that innovative companies like Yubico, HID, Infineon, and Feitian are already working on.

Overview of FIDO2 architectural components

Microsoft has been working with the FIDO Alliance for 4+ years now. We’ve made major contributions to the development of the FIDO2 set of standards, and we are committed to adding full support for CTAP on Windows 10 and WebAuthn in the Edge browser. Microsoft’s identity products and services will also support FIDO. This will allow Microsoft customers to use any Microsoft identity – both personal Microsoft accounts and organizational identities based on Azure Active Directory – to sign in using a FIDO device instead of a password on any FIDO2-compatible device or browser.

The password-less future is rapidly approaching and we’re excited for it to arrive!

For more information on the big announcement check out: https://fidoalliance.org/fido-alliance-and-w3c-achieve-major-standards-milestone-in-global-effort-towards-simpler-stronger-authentication-on-the-web/

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division
