Intel’s vPro technology has been around for quite a while now, and with every new processor generation they seem to always add more features under the vPro umbrella. For a comprehensive look at what is existing now, check out the vPro launch for Broadwell. With Skylake, Intel is trying to tackle the challenge of securing computers, and the need for complex passwords. Passwords are a big pain point in the enterprise because people don’t like to make difficult passwords, and sharing passwords can be a big problem. Social engineering and more complex attack vectors can render passwords the easiest way to get into a company’s data.

Intel is launching Intel Authenticate today, and it will require a 6th generation Intel Core processor with vPro. Authenticate will combine several factors of authentication into a single login, which, in theory, should be easier for the end user as well.

It works by combining “something you know”, which can be a PIN or password, along with “something you have”, which could be a smartphone, and “something you are”, which is biometrics. Once you include many factors, the complexity to lose all of them to the same person goes up quite a bit. The “something you know” can therefore be much easier, such as a PIN, or simple password, since that is not the defining key to the system. IT will be able to choose from multiple factors based on their own policy and preferences. Once configured, the factors are captured, encrypted, matched, and stored in hardware.

The user data never leaves the hardware, reducing the footprint for attack, and removing the chance of accidental misuse by employees. All of the authentication is then done at the hardware level once the user has matched the stored profile. The inclusion of biometrics, especially if they are based on Intel’s RealSense 3D camera systems, also adds in the possibility of having machines auto-lock when the person steps away.

Overall, this is similar to Windows Hello, except with more authentication factors and the resultant matching done on the CPU. There are advantages to this method, but one of the biggest disadvantages is that it will require Skylake class hardware and newer, so you can’t deploy it to older machines. Interestingly it is available on Windows 7, 8.1, and 10, despite Windows 7 and Skylake having a rough start together.

Intel Authenticate is available now for customers to preview.

Source: Intel

POST A COMMENT

20 Comments

View All Comments

  • ironargonaut - Thursday, January 21, 2016 - link

    Cool, where is it and what is the password. Reply
  • rhog - Saturday, January 30, 2016 - link

    This has to be one of the silliest comments I have ever read. Please enlighten us all on how you could "easily swipe your fingerprint and create a replica". You must be reading too many marvel comics as this comment is just nonsense. Reply
  • plopke - Tuesday, January 19, 2016 - link

    And still there is not even 2 step authentication for my region on :
    -Amazon (unless forcing it by going true the american website)
    -paypal (Some people say you can , but like amazon i assume it isn't worldwide or pulled after a security paper?)
    -so many online ("cheap") hosting companies that sell simple password-login admin control panels.

    Being the tech guy for some elder people around me the entire idea of a password is so outdated. At least the local banks/gouvernement agencies have switch to none user password and using eID/cards/token systems.

    Quiet funny that gaming 10 years ago made me most aware of the need of more then just a password and overall the entire removal of them and using eID/certifcates/.... So many forum/WoW/Steam accounts getting hacked and indirectly making me to administrate/fix crap.
    Reply
  • Krysto - Wednesday, January 20, 2016 - link

    Just one problem: you have to trust Intel's much criticized by security experts' proprietary ME, where these credentials are stored. Reply
  • BigLan - Wednesday, January 20, 2016 - link

    Don't worry, I'm sure Mcafee will test it and validate it! Reply
  • MrSpadge - Wednesday, January 20, 2016 - link

    "despite Windows 7 and Skylake having a rough start together"

    Come on, AT, you can do better than this! If MS decides not to support features of new CPUs in Win 7/8, anyone else is free to do so. Many people wrote this in the comments of the original article. I'm not sure what's worse: an AT editor not being aware of this or an AT editor writing as if he wants to generate a problem where no problem is. I'm not saying this would be your intention.. but one can get that impression from the quoted sentence.
    Reply
  • Brett Howse - Wednesday, January 20, 2016 - link

    It's not just that. If you read the original article, Microsoft has the right to not patch Skylake systems if there is an issue only on Skylake. This news was targeted towards business and enterprise and there is a big difference there between something that works and something that is supported. Windows 7 has support until 2020, but not on Skylake. Just like in 2020 that doesn't mean Windows 7 will just shut down, but it's a big change in policy regardless. Reply
  • benzosaurus - Wednesday, January 20, 2016 - link

    Which is great and all, except that Intel's firmware ecosystem is horribly, fundamentally insecure, and frankly, the idea of it doing anything more related to security is downright terrifying: http://blog.invisiblethings.org/papers/2015/x86_ha...

    I've never really understood the desire to turn over security from well understood open-source software, to black-box firmware that could be doing whatever it wants to.
    Reply
  • beginner99 - Thursday, January 21, 2016 - link

    Interesting and will take 2 decades till it trickles down to IT departments. Or how else can be explained, that we still use passwords? Our IT in fact disables the fingerprint readers on the laptops. And has other stupid practices like password change every month. And password has to have all the bells and whistles. So yeah you know what people do: post-it on screen. Give everyone a fingerprint scanner and it would be 10times more secure. And if you then let them have a PIN + scanner like 100 times more secure.

    It's with everything else in companies. They say security is important balabla then you look what they actually do: non-sense because else it would cost them something.
    Reply
  • Azix - Thursday, February 18, 2016 - link

    something you do not need a CPU to do AT all. 2 step authentication? come on Reply

Log in

Don't have an account? Sign up now