Microsoft Tests Windows Hello Authentication Feature To Tackle Auto-Fill Password Disaster

  • Your friends and family members can have access to your saved log-in credentials if you share your devices with them.
  • Having a master password can be a solution to address the said concern of a user.
  • Microsoft has now finally come with an idea to address these concerns in the form of a Windows Hello authentication feature.

You might be thinking that you are the only person who can have access to auto-fill information saved on your browsers. But practically, there are other chances too.

Users who have saved log-in credentials to their browsers have reported an issue that their friends can have access to their accounts without their permission. So, they just opt not to use the auto-fill feature. Users then face difficulties having to remember a lot of passwords.

Microsoft posted on Github providing the possible solution for the said concerns of users. According to the post, users have shown concerns because their friends and family members can have access to their log-in credentials without their permission if they share their devices with them. The said concern is due to the auto-fill feature of several web browsers.

With the auto-fill feature turned on, if you give your device to any other person, they can log-in to your account by just one tap if they surf around the signin section of a website on your browser. The browser will auto-fill the previously saved log-in credentials to the log-in form. Moreover, the browser may reveal the log-in credentials to that person.

Microsoft came with the idea of having a master password 10 years ago but the company did not go through it. A master password can easily be hacked if it is not protected by a complete authorization store encryption. This solution gives users a fake sense of being secured.

Now, in the year 2020, the company has come up with a better solution. The solution suggests to putting a default hook for re-authorization of the OS in the way of browser’s auto-fill code. The said re-authorization can include the users to re-enter an operating system level password or may include to using the biometric feature of those devices which support the said feature. We cannot explain how the user agents are going to build a user interface to make sure the users will be able to easily interpret the threat model of this re-authorization.

The proposal on Github explains that by default, you will not be asked to re-authenticate until they choose to do so by configuring the setting of their browser. The feature will also ensure that the saved log-in credentials are not accessed without the user’s indication. The company tends to improve in this space to bring extra satisfaction to its users.

The feature called ‘Windows Hello’ authentication is already added by Google Chrome and Firefox to authenticate the show of saved log-in credentials in the browser’s settings. Rather than making the users memorize an additional password, the company likely wants the users, who are concerned about the sharing of their mobile phones or other devices, to use biometric authorization to auto-fill the saved credentials of their accounts.

Illustration: Freepik / vladwel

Read next: Microsoft's Windows Defined Computers And Stats Prove That It Will Continue To Do So
Previous Post Next Post