Windows Hello

Signal Alliance Limited
5 min readJan 6, 2021

--

Say goodbye to passwords with Windows Hello.

Use your face, fingerprint or companion device instead of a password to sign in faster and more securely to your Windows devices, apps and Microsoft Edge websites.

CONTACT US for set-up

Reports of identity theft and large-scale hacking are frequent headlines. And nobody wants to be notified that their username and password have been exposed.

You may wonder how a PIN can help protect a device better than a password. Passwords are shared secrets; they are entered on a device and transmitted over the network to the server. An intercepted account name and password can be used by anyone, anywhere. Because they’re stored on the server, a server breach can reveal those stored credentials.

Windows Hello replaces passwords. When the identity provider supports keys, the Windows Hello provisioning process creates a cryptographic key pair bound to the Trusted Platform Module (TPM), if a device has a TPM 2.0, or in software.

Windows Hello is a password-free sign-in that gives you fastest , most secure way to unlock your Windows devices. Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, facial recognition, or a secure PIN, it recognizes you apart from others. Most PC’s with fingerprint readers already work with Windows Hello, making it easier and safer to sign into your PC.

Windows Hello requires specialized hardware, including fingerprint reader, illuminated IR sensor or other biometric sensors and capable devices.

But not every PC has Windows Hello capability. So before you buy a new computer, expecting to sign in with Windows Hello, it’s a good idea to learn more about it.

Windows Hello is designed for both large enterprises and consumers. During Microsoft’s Ignite 2017 conference, Microsoft announced that more than 37 million people were already using Windows Hello and more than 200 companies had deployed Windows Hello for Business. At the time, the largest enterprise deployment outside of Microsoft’s IT team comprised more than 25,000 users, according to the company.

The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords. Therefore, Windows Hello solves security and inconvenience problems.

It is not uncommon for people to use the same password (or variations) across multiple sites and applications. Windows Hello and other biometric authentication features is designed to offer an alternative to passwords that is unique and more secure because it relies on technology that’s harder to break.

Why would you want Windows Hello?

For one, security is always better in threes — the best method of authentication is to provide something you have, something you know, and something you are. In this case, Windows Hello can authenticate users by satisfying all three rules: something you have (your private key, which is protected by your device’s security module), something you know (the PIN that is used by default by Windows Hello from the point of registration onward), and something you are (either your face, which is exceedingly difficult to copy and use in a malicious way, or your fingerprint, which again without removing digits is difficult to copy and use nefariously).

In this age of password abundance (and human forgetfulness), security-minded users realize that a fingerprint, facial recognition or an iris scan to gain access to devices, important accounts and data is likely to be a safer option. Even so, the password remains the most frequently used sign-in mechanism, but also a source of frustration for end users.

What is most interesting is that all of these biometrics are stored on the local device only and are not centralized into the directory or some other authentication source; this means credential harvesting attacks are no good against Windows Hello-enabled accounts simply because the credentials do not exist in the place that would be hacked. While it is technically possible each device’s trusted platform module, or TPM, could be hacked, an attacker would have to crack each individual user’s machine, versus simply executing a successful attack against a single vulnerable domain controller.

Microsoft is embracing a future without passwords by building Windows Hello into the platform experience and enabling multi-factor authentication in first- and third-party applications.

Microsoft is working with a growing number of service providers to give its users a more seamless method to authenticate multiple accounts of importance with Windows Hello. There’s a small group of Windows Hello-compatible apps on the market today. Among the apps that can use Windows Hello now are Dropbox, Enpass, OneDrive, One Messenger and OneLocker Password Manager.

How to get Windows Hello?

Microsoft introduced Windows Hello in 2015, and while there are tablets, laptops, and desktop computers with Hello built in, most computers still don’t have it. To know more about these devices, CONTACT US.

If you want to take advantage of Windows Hello, one way to do that is to buy a new computer that comes with a Hello camera or fingerprint reader. You can study up on new computers to see if Windows Hello is listed in the features, or check out a page that Microsoft maintains, which lists PCs that feature Windows Hello.

In addition to those, most Microsoft Surface computers come with Windows Hello as well.

How Does Windows Hello Keep Your Info Private?

To access your sign-in options, go to Start Menu > Settings > Accounts > Sign-in options. On the Sign-in options page, the following sign-in methods are available:

  • Windows Hello Face
  • Windows Hello Fingerprint
  • Windows Hello PIN
  • Security key
  • Password
  • Picture password

You’ll also find these settings:

  • Require sign-in — Requires you to sign in to your device after being away.
  • Dynamic lock — Automatically locks your device when you’re away.
  • Privacy — Shows or hides personal info on the sign-in screen, and allows your device to use your sign-in info to reopen your apps after an update or restart.

Need more help? CONTACT US

--

--

Signal Alliance Limited
0 Followers

Signal Alliance is one of the leading Technology Integrators for corporate organizations in Nigeria.