Black Hat: Microsoft brings fingerprint sensors to Windows 8.1

LAS VEGAS: Microsoft's upcoming launch of Windows 8.1 is set to include a host of features designed to simplify authentication and data protection, the company said.

Speaking with V3 at the 2013 Black Hat conference, Microsoft Windows security and identity group programme manager Dustin Ingalls said that the company would be investing in both its in-house security tools as well as the options the company provides to third-party security vendors for managing and securing applications.

Among the new features will be an update to Internet Explorer which will allow anti-malware applications to load prior to any Active-X components in the browser's boot process. By having the ability to load early, the security tools will be able to spot and block potential threats from malicious ActiveX controls.

Also featuring in the 8.1 release will be Selective Wipe, a remote management component which will allow administrators to revoke encryption keys on specific files and remotely revoke the keys to block access when a device is lost or a user leaves a company.

Ingalls said that with consumerisation increasingly bringing personal tablets and PCs into the office, a conventional wipe tool that deletes all data on a device is no longer practical.

“If you wipe a whole phone today the worst you lose is a couple of text messages or some photos,” he said.

“You can't go wiping somebody's personal PC, you could find yourself in the middle of a nasty lawsuit or all sorts of other things.”

Perhaps the feature Microsoft is most proud of, however, is a leap forward in support for biometric authorisation. Once the domain of clumsy and unreliable swipe scanners, Microsoft has improved biometrics support and is working with hardware vendors on a new generation of sensors which will be able to authorise a user with a simple press of a fingerprint to a sensor embedded in a keyboard, notebook casing or tablet bezel.

Ingalls believes that with passwords no longer proving a practical measure and elaborate two-factor authentication schemes frustrating users, the time has come for a new generation of intelligent and precise biometric scanners.

“This is going to be a big deal. When even Twitter has to release a two-factor authentication passwords are reaching the end of their road,” he said.

“[Two-factor] might be more secure than just a password, but they are definitely not more usable, and that is why users won't use them.”