There is no denying that Microsoft is trying its best to get Microsoft Edge Browser competitive with Chrome and Mozilla counterparts. In its latest bid to boost security, the company is currently testing the addition of Windows Hello security support in Insider builds of Windows 10 Edge Browser.
Microsoft has revealed more information on those plans, including how web developers can leverage this feature on their websites.
In order to authenticate a user, the server sends down a plain text challenge to the browser. Once Microsoft Edge is able to verify the user through Windows Hello, the system will sign the challenge with a private key previously provisioned for this user and send the signature back to the server. If the server can validate the signature using the public key it has for that user and verify the challenge is correct, it can authenticate the user securely.
These keys are not only stronger credentials – they also can’t be guessed and can’t be re-used across origins. The public key is meaningless on its own and the private key is never shared. Not only is using Windows Hello a delightful user experience, it’s also more secure by preventing password guessing, phishing, and keylogging, and it’s resilient to server database attacks.
According to Microsoft, website developers can make use of the Web Authentication API to begin prototyping and testing for the addition of Windows Hello support in Edge. And also, the company is trying to work things out with the FIDO Alliance and W3C Web Authentication working group for standardizing these APIs so that anyone can make use of them.