In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
Windows Hello for Business lets user authenticate to an Active Directory or Azure Active Directory account.
Windows Hello addresses the following problems with passwords:
· Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
· Server breaches can expose symmetric network credentials (passwords).
· Passwords are subject to replay attacks.
· Users can inadvertently expose their passwords due to phishing attacks.
- "Windows Hello for Business" - https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-identity-verification
- Overview - https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-overview
- Why PIN is better than a password - https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password
- Manage Windows Hello in your Organization - https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-manage-in-organization