The Redmond giant conformed it had reached an agreement with RSA under which users of the operating system can sign onto a computer using RSA's SecurID instead of using static passwords. The SecurID token is the size of a key fob and generates a random number that is synchronised with a central server. Users have to enter a four-digit PIN and the code from the token to access both the network and the OS once ctrl-alt-del keys have been pressed.
"Despite highly publicized corporate security breaches caused by individuals who have circumvented password systems, many companies still rely on them for user access to desktops and the network domain," said Art Coviello, president and CEO at RSA Security.
He added his company was working with Microsoft to give users an alternative to static password so helping avoid catastrophic security breaches.
The company had been selling the product for years but the agreement means it is now integrated directly into the OS.
Analysts welcomed the move and added it could bring management costs under control.
"While users express frustration about their multiple, ever-changing passwords and IT managers worry about poor security, the cost of managing these systems is escalating out of control," said John Girard, vice president and research director at Gartner, Inc, a research and advisory firm.
Girard added merging token authentication with the operating system gave users the benefits of one-time passwords without having to remember multiple passwords, and without needing to be online to a central authentication service.
RSA Security anticipates that it will begin limited beta testing in the second quarter of 2004 and it expects that the product will be commercially available in the third quarter of 2004.