Ensuring user identity security
In our defense-in-depth look at securing Windows 11 systems, this section looks at the security measures we can take to protect user identity security. This section will cover Windows Hello for Business and Microsoft Defender Credential Guard.
Windows Hello for Business
Windows Hello for Business is a secure authentication solution that uses two-factor authentication on devices to replace passwords. The two factors used for authentication are a device-tied user credential and a biometric or PIN. A PIN is more secure than a password as it is tied to the device.
The following problems with passwords are addressed with Windows Hello:
- It’s difficult to remember strong passwords, leading to reuse across sites
- Passwords can be exposed upon breach/phishing attacks
- Replay attacks on passwords
- Microsoft Account
- Microsoft Active...