Intel’s vPro technology has been around for quite a while now, and with every new processor generation they seem to always add more features under the vPro umbrella. For a comprehensive look at what is existing now, check out the vPro launch for Broadwell. With Skylake, Intel is trying to tackle the challenge of securing computers, and the need for complex passwords. Passwords are a big pain point in the enterprise because people don’t like to make difficult passwords, and sharing passwords can be a big problem. Social engineering and more complex attack vectors can render passwords the easiest way to get into a company’s data.
Intel is launching Intel Authenticate today, and it will require a 6th generation Intel Core processor with vPro. Authenticate will combine several factors of authentication into a single login, which, in theory, should be easier for the end user as well.
It works by combining “something you know”, which can be a PIN or password, along with “something you have”, which could be a smartphone, and “something you are”, which is biometrics. Once you include many factors, the complexity to lose all of them to the same person goes up quite a bit. The “something you know” can therefore be much easier, such as a PIN, or simple password, since that is not the defining key to the system. IT will be able to choose from multiple factors based on their own policy and preferences. Once configured, the factors are captured, encrypted, matched, and stored in hardware.
The user data never leaves the hardware, reducing the footprint for attack, and removing the chance of accidental misuse by employees. All of the authentication is then done at the hardware level once the user has matched the stored profile. The inclusion of biometrics, especially if they are based on Intel’s RealSense 3D camera systems, also adds in the possibility of having machines auto-lock when the person steps away.
Overall, this is similar to Windows Hello, except with more authentication factors and the resultant matching done on the CPU. There are advantages to this method, but one of the biggest disadvantages is that it will require Skylake class hardware and newer, so you can’t deploy it to older machines. Interestingly it is available on Windows 7, 8.1, and 10, despite Windows 7 and Skylake having a rough start together.
Intel Authenticate is available now for customers to preview.