While the final version of Windows 10 won't be launched for at least several months, Microsoft already has plans to offer users a ton of security improvements for the operating system. Today, the company outlined some of those planned features in a lengthy blog post.
One of the new improvements will help better protect users from identity theft when using Windows 10-based devices. Microsoft says:
"Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric, such as fingerprint. From a security standpoint, this means that an attacker would need to have a user's physical device – in addition to the means to use the user's credential – which would require access to the users PIN or biometric information. Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a mobile phone, which will effectively become their mobile credential. It will enable them to sign-in into all of their PC's, networks, and web services as long as their mobile phone is nearby. In this case, the phone, using Bluetooth or Wi-Fi communication, will behave like a remote smartcard and it will offer two factor authentication for both local sign-in and remote access.
Microsoft says they also hope to prevent attacks on user access tokens in Windows 10 "with an architectural solution that stores user access tokens within a secure container running on top of Hyper-V technology."
In terms of protecting information and data, Microsoft says:
"In Windows 10, we address this problem with a data loss prevention (DLP) solution that separates corporate and personal data and helps protect it using containment. We are building this capability into the platform itself and integrating it within the existing user experience to enable protection without the disruption frequently seen in other solutions. There will be no need for your users to switch modes, or apps in order to protect corporate data, which means that users can help keep data safe without changing their behavior.
Microsoft also wants to protect users from malware via downloaded apps. It states:
"Organizations will have the flexibility to choose what apps are trustworthy – just apps that are signed by themselves, specially signed apps from ISVs, apps from the Windows Store, or all of the above. Unlike Windows Phone these apps can also include desktop (Win32) apps – meaning that anything that can run on the Windows desktop can also run on these devices."
There's a lot more detail about what Microsoft has planned for security improvements in Windows 10 in the blog post. Do you think these measures will make using the OS safer when it launches?