Two-step verification is becoming more common in Internet services as a way to prevent attackers from taking control of our accounts: instead of depending only on our password, the system also asks us to enter a code, normally sent to our mobile phone. Does this type of protection make sense for local programs? Microsoft believes it does: the time has come to stop relying on one-step verification (the password) and to secure our local sessions the same way we secure external ones, or even better.
Maximum security for our session
So Windows 10 will support a new login method that uses two different factors, neither of which is a typical password. The first is an external device such as a smartphone, which will act as a credential proving that we are who we say we are, and will serve to log in not only to Windows but also to networks and web services. To use it, we will only have to carry it with us, and it will notify all nearby Windows devices that we are present using Bluetooth or Wi-Fi.
The second factor for logging in can be a PIN or biometrics. Biometric security is well known, and it is easy to find laptops with a fingerprint reader, for example. In short, to log in to Windows 10 in the safest way, we will have to carry a smartphone associated with our account and use a PIN or our fingerprint as a second step. Only then will the system allow us to enter; meanwhile, our personal data will be encrypted to prevent a thief from simply taking the hard drives and reading them. We can also lock down our devices, and specify that only applications that have been digitally signed can be installed, to keep the PC from filling up with malware.
Source | Windows