Microphone check one, two…
Windows 10 is here to stay and I’m here to say, that before you blame, Microsoft for being lame, you should check out this new thing, that they’re doing today.
C’mon! You didn’t know I could rap? If you could only hear the sultry J. Dilla instrumental in the background, I promise I’d have you nodding your head by now. Baseline is funky.
So here’s the dilly…
Today I want to talk about 4 hip and estimable security features landing in the final version of Windows 10. Pop on your headphones, crank up the hip-hop and read on.
So let’s start from the top.
Microsoft wants to completely remix the whole username and password thing. Passwords are problematic.
For one, it’s hard to create strong, memorable passwords. And secondly, even strong passwords are susceptible to being hacked.
Hoodwinking the hackers
It honestly feels like almost every week a new web service is being attacked or breached by motivated, well-funded cybercriminals. For example, a few weeks ago I reported on how 7 million Dropbox accounts were allegedly hacked and before that I showed you that over 5 million Gmail.com accounts were compromised.
Getting your accounts stolen is becoming the status quo. The zeitgeist of 2014 has been one marked by data breaches and up until now I haven’t seen any major companies being sedulous to reverse the trend.
Say what’s up to Windows 10
I’ve been hanging out with Windows 10 since its embryonic release and really dig it. Sure, I have my complaints against Windows 10, but for the most part I think it’s a step forward.
And today, I can honestly say it’s an even bigger step forward than I thought.
Jim Alkove, lead for the Windows Enterprise Program Management Team, posted exciting news about the improvements his team is making to identity protection and access control.
1. Fancy Factors
Windows 10 has a new take on two-factor authentication.
Two-factor authentication means that you need two things before you can access a resource. Usually it’s a combination of two out of three criteria:
- Something you know (Like a password)
- Something you have (Like a smart card)
- Something you are (Like your fingerprint or hand geometry)
Using merely one factor for authentication is risky business because an attacker only needs to guess or steal that one item before he gets in.
Using two factors is better, and although it’s not perfect, you’re still safer using it. For example, Gmail lets you sign in with something you know, your password, and something you have, a text message sent to your cell phone. This means an attacker would need to not only guess your password but somehow obtain the text message on your phone to steal your account.
That’s a herculean task if you ask me.
But here’s the thing: Microsoft came up with the revolutionary idea that will let you enroll your mobile device as a factor in the two-factor authentication equation.
Your smartphone becomes a “mobile credential” that gives you the keys to the kingdom.
When you either connect your phone to the same Wi-Fi network as your PC or use Bluetooth technology, Windows 10 will recognize your enrolled phone as one piece of the puzzle. The other piece would come from something else like a fingerprint scan.
I think this is a really smart idea. People carry their phones around like wallets so why not put that to good use? Conversely, if you lose your phone or phone charger and the battery dies you could get locked out of your computer so I’m curious to see how Microsoft is going to deal with that scenario.
2. Plugging data leaks
It’s one thing to protect data when it arrives but how do you protect it when it leaves?
According to page 3 of the 2014 Stroz Friedberg report (PDF), a whopping 58% of senior managers admit to accidentally sending sensitive information to the wrong person. Furthermore, a stratospheric 87% confessed to regularly uploading corporate files to personal cloud accounts!
Windows 10 aims to squelch this problem by bifurcating company and personal data.
When company content arrives on the device from the corporate network, it gets automatically encrypted. Administrators also have the ability to tweak this behavior through curated policies. For example, if you’re the guy in charge of IT, you can proscribe corporate content from being copied to non-corporate destinations.
Alkove didn’t delineate exactly how this works, but I’m sure proficient users will find creative workarounds to these controls. For example, I’m envisioning people using their smartphones to take pictures of the sensitive content in files…
But that’s not really the point, right? The point is that Microsoft is getting serious about data protection and implementing data loss prevention technologies like the one I just mentioned is a good thing.
3. Beefier VPN and Lissome Lockdown
Windows 10 is getting a beefier VPN solution.
IT administrators now have granular control over the exact applications that can be granted access through the VPN tunnel, which will give admins even more control as they dance the tightrope of restricted controls and unfettered productivity. The balance between protection and productivity is a constant web of tension; however, the new VPN controls touted by Microsoft may boost both variables.
But what about Malware?
Thankfully Windows 10 has shored up its defenses against Malware too. I captioned this section “lissome lockdown” because Windows 10 is now nimble enough to let you lock down the device and restrict installations to trusted applications.
If the apps aren’t signed by a signing service that Microsoft provides admins, then the app isn’t permitted. Simple enough. The nice thing is that IT gurus can tune exactly what apps are allowed and everything from Modern UI apps to traditional desktop programs are configurable.
The Bottom Line
Microsoft’s security moves are laudable and portable. Hopefully Windows 10 will be affordable!
Okay, now crank down the hip-hop, take off your headphones and tell me your thoughts.
What do you think about Microsoft’s new take on two-factor authentication? What about its new data leak prevention solution? Do you see any loopholes with that?
Share in the comments! I’d love to hear what’s on your mind.