Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Microsoft tests use of iPhone authenticator app as password replacement in Windows 10 S mode preview

Microsoft is allowing users to sign into their computers using an authenticator app instead of a password, as part of testing of Windows 10 S that effectively eliminates the stripped-down version of the operating system in favor of a new mode for all Windows 10 variants.

The latest Windows 10 Insider Preview build adds an option for those running Windows 10 S to use the Microsoft Authenticator app on an iPhone or other smartphone to confirm their identity, in place of the usual password-based authentication. Downloaded to an iPhone, the app is usually employed in two-factor authentication, but in this instance, the app becomes the only authentication factor.

Microsoft claims testers will be able to go through the "out-of-box experience," including setting up Windows Hello and installing various apps and services, without entering a password into the PC at all.

Despite the lack of a password, the Windows 10 S installation still offers security, including Windows Hello facial recognition, fingerprint reading, and a security PIN. These alternative security options are already offered to users, depending on the available hardware, though the process to set these up did previously require a password.

The Windows 10 S Mode feature test is part of Microsoft's plan to remove it as a Windows variant entirely, reports Thurrott.com. Windows 10 S isn't disappearing completely, as it will apparently be included as its own mode for all versions of Windows 10 at some point in the future.

Initially introduced alongside the Surface Laptop last year, Windows 10 S is a stripped-down version of Windows that will only run Windows Store titles, in theory reducing the possibility of security risks and simplifying device management in schools and enterprise. Users are able to upgrade from the S release to full versions, removing the restrictions and giving users free reign to run software from alternative sources.

While Windows 10 S has been viewed as a less successful version of Windows, it is reported that 60 percent of its users on third-party devices stick with it instead of switching to an unrestricted Windows version. Microsoft claims that approximately 60 percent of those who switch do so within 24 hours of owning the device, while 83 percent of those who don't switch within the first seven days of ownership will continue running the device in S mode.

The Windows 10 Insider Preview includes a number of other features destined for public release in the coming months. The Game Bar has been updated to make it easier to use, including toggles for the microphone and camera and new themes, while a new calibration tool has been included for altering how HDR video appears on the device.

New graphic settings for multi-GPU systems, eye control improvements, updates to Windows Security, F11 full screen support for Microsoft Edge, a streamlined Bluetooth pairing process, text input changes, and the ability to wipe diagnostic data from a device are also included in the preview release, among other changes.



6 Comments

rob53 13 Years · 3313 comments

Is there an admin logon and password for Windows 10 S?

This article seems to imply that enough services are operational after startup without any kind of logon to allow either a bluetooth, internet (ethernet or WiFi), or (maybe) NFC connection between the PC and an iPhone app. The streamlined Bluetooth pairing process worries me because if this is how it connects, it needs to have very robust security.

How is the initial configuration made on the PC without being able to create an account with any kind of authentication (password, PIN, etc.)? 

What kind of traffic, both encrypted and unencrypted, happens between the Windows app, the iPhone, internet, and the PC? I use this capability all the time when accessing web sites as well as Apple's two-factor authentication but I don't see it passing any government security requirements since it's only a single factor authentication. Where is the PIN created and how is it passed to and from the iPhone and PC? How many systems are involved that could be monitored and hacked?

We're talking about Microsoft, a company that is totally in bed with the FBI and other government agencies. Will the FBI/NSA force Microsoft to include some kind of back door into their iPhone app that allows access to other iOS apps?

GeorgeBMac 8 Years · 11421 comments

rob53 said:
Is there an admin logon and password for Windows 10 S?

This article seems to imply that enough services are operational after startup without any kind of logon to allow either a bluetooth, internet (ethernet or WiFi), or (maybe) NFC connection between the PC and an iPhone app. The streamlined Bluetooth pairing process worries me because if this is how it connects, it needs to have very robust security.

How is the initial configuration made on the PC without being able to create an account with any kind of authentication (password, PIN, etc.)? 

What kind of traffic, both encrypted and unencrypted, happens between the Windows app, the iPhone, internet, and the PC? I use this capability all the time when accessing web sites as well as Apple's two-factor authentication but I don't see it passing any government security requirements since it's only a single factor authentication. Where is the PIN created and how is it passed to and from the iPhone and PC? How many systems are involved that could be monitored and hacked?

We're talking about Microsoft, a company that is totally in bed with the FBI and other government agencies. Will the FBI/NSA force Microsoft to include some kind of back door into their iPhone app that allows access to other iOS apps?

Good points and well stated!
While I would trust Apple to do the due diligence and back-end security work behind with this vague "It just connects and verifies" kind of description, there is NO WAY I would trust Microsoft...

It's the difference between a company that creates a great product and then markets it versus one that targets a market and then attempts to create a product that fills it.

racerhomie3 7 Years · 1264 comments

Stuck in 2010.
Bluetooth pairing mode. Is this the year 2000 ?

seanismorris 8 Years · 1624 comments

I agree about Bluetooth.  There’s a reason I have it disabled.

I’d still want 2FA.  Like a YubiKey + Described method

https://www.amazon.com/Yubico-YUBIKEY4-YubiKey-4/dp/B018Y1Q71M/ref=sr_1_4?ie=UTF8&qid=1518202726&sr=8-4&keywords=2FA

andrehinds 6 Years · 31 comments

I tried a beta of Authenticator last year and never got it to work. When I called Microsoft for help, I never got anyone in their so-called Customer Service who even understood what Authenticator was. Undoubtedly not ready for Prime Time.