At a time of increasingly risky online world, it pays to expand our options for staying safe as we browse the Internet. Various security protocols not only help us in choosing the methods with which to protect ourselves, they also provide flexible products that meet our unique requirements.
At Microsoft, two security protocols stand out for use in logging in to your favorite websites and apps: Hello and Passport. These protocols were announced by Microsoft in March, though the company did not provide specific details on how both security tools work. Now, we have learned more about them.
Hello, as Microsoft said, is a biometric authentication protocol and Passport a separate tool for accessing third-party websites and apps through the Hello protocol or using a passphrase.
There are three kinds of biometric authentication that the Hello protocol works with, namely fingerprint, face and iris. The iris biometrics, in particular, is something new in the list. Face and fingerprint recognition systems are already being offered by a number of tech firms, including Apple and Google for their iOS and Android operating systems.
Security experts believe the iris recognition system makes for more accurate scanning of a user’s identity than the other two factors. In addition to its accuracy, iris-based authentication is less vulnerable to spoofing, which hackers have been lately using to work their way around the face and fingerprint recognition technologies. We have seen a number of reports that demonstrate this fact in recent months.
On the technical side, the Hello protocol is built with an anti-spoofing feature that detects images and blocks them, as these are the usual resort for malicious actors trying to imitate fingerprint or facial attributes to dupe the device into believing that it is the legit user. Hello also has a live-ness detection capability which makes sure what is being presented for authentication is not a photo but a real and live person, the legit user.
In essence, Hello is designed to help users authenticate their identity on their devices to protect the gadget from third party access. On the other hand, Passport is Microsoft’s way of inviting users to log in to third party websites and apps, all without the requirement of multiple passwords for security.
Microsoft designed Passport to operate with Hello. How do they work together? Think of your fingerprint data stored locally in your personal device. When you try to log in to a third-party service, you can authenticate yourself using that data without transmitting sensitive information to the third-party website or app. Otherwise, it would increase your chance of being exposed to hackers.