Three out of four people are known to use the same password for multiple accounts, which calls the value of password-based security into question. Even newer implementations such as two-factor authentication can be defeated. This is why Windows has moved to biometrics in the form of Windows Hello, or to FIDO2 devices such as YubiKey or FEITIAN, both of which are available for $30-60. Rob Lefferts, the VP of Security at Microsoft, said “Passwords are bad for the planet. They’re bad for people. They’re the easiest way for attackers to get in, and in the case of account takeovers, they’re even a way to force people out.”

When a user signs in, the Microsoft account framework sends a nonce, an arbitrary one-time number, to the PC or FIDO2 device, which uses its private key to sign the nonce. The signed response also contains data about the conditions of the login, for example whether the user was verified through a biometric check. It is sent back to the Microsoft account framework, where it is checked using the public key.
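The sign-in exchange described above can be modelled in a few functions. This is an added example, not Microsoft's code and not the real WebAuthn wire format: the function names and the one-byte "flags plus nonce" message are assumptions made for illustration, and it runs on Node.js with the built-in `crypto` module.

```javascript
const crypto = require("node:crypto");

// Login-condition bits, using the positions WebAuthn assigns to UP and UV.
const FLAG_USER_PRESENT = 0x01;
const FLAG_USER_VERIFIED = 0x04; // biometric or PIN check succeeded

// Registration: the device keeps the private key, the server stores only the public key.
function registerDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, serverRecord: { publicKey, pending: new Set() } };
}

// Server: issue a random one-time nonce and remember it until it is used.
function issueNonce(serverRecord) {
  const nonce = crypto.randomBytes(32);
  serverRecord.pending.add(nonce.toString("hex"));
  return nonce;
}

// Device: sign the login conditions (flags) together with the nonce.
function deviceSign(device, nonce, flags) {
  const signed = Buffer.concat([Buffer.from([flags]), nonce]);
  return { flags, nonce, signature: crypto.sign("sha256", signed, device.privateKey) };
}

// Server: accept only a fresh nonce, a valid signature, and a verified user.
function verifyLogin(serverRecord, response) {
  // Deleting the nonce first makes every challenge single-use, even on failure.
  if (!serverRecord.pending.delete(response.nonce.toString("hex")))
    return "rejected: unknown or reused nonce";
  const signed = Buffer.concat([Buffer.from([response.flags]), response.nonce]);
  if (!crypto.verify("sha256", signed, serverRecord.publicKey, response.signature))
    return "rejected: bad signature";
  if (!(response.flags & FLAG_USER_VERIFIED)) return "rejected: user not verified";
  return "accepted";
}

// Constructed scenario: one good login, a replay, an unverified login, and tampered flags.
function demo() {
  const { device, serverRecord } = registerDevice();
  const verified = FLAG_USER_PRESENT | FLAG_USER_VERIFIED;
  const good = deviceSign(device, issueNonce(serverRecord), verified);
  const first = verifyLogin(serverRecord, good);
  const replay = verifyLogin(serverRecord, good);
  const weak = deviceSign(device, issueNonce(serverRecord), FLAG_USER_PRESENT);
  const unverified = verifyLogin(serverRecord, weak);
  const tampered = { ...deviceSign(device, issueNonce(serverRecord), FLAG_USER_PRESENT), flags: verified };
  return { first, replay, unverified, forged: verifyLogin(serverRecord, tampered) };
}
```

Because the flags are covered by the signature, changing them after signing invalidates the response, and because each nonce is consumed on first use, a captured response cannot be replayed.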
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is