Windows Hello is a biometrics-based technology that enables Windows 10 users to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition.
The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.
“Windows Hello solves a few problems: security and inconvenience,” said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy.
“Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords.”
It is not uncommon for people to use the same password (or variations) across multiple sites and applications. Windows Hello and other biometric authentication features like Apple’s Face ID or Touch ID are designed to offer an alternative to passwords that is unique and more secure because it relies on technology that’s harder to break.
How Windows Hello works
Windows Hello limits the attack surface for Windows 10 by eliminating the need for passwords and other methods under which identities are more likely to be stolen.
“Windows Hello lets a user authenticate a Microsoft account or a non-Microsoft service that supports Fast Identity Online (FIDO) by having the user set up a gesture” such as a facial scan, iris scan or fingerprint to log into a device, said Anoosh Saboori, senior program manager lead at Microsoft.
“Windows Hello uses 3D structured light to create a model of someone’s face and then uses anti-spoofing techniques to limit the success of people creating a fake head or mask to spoof the system,” Moorhead said.
Windows 10 users can set up Windows Hello in the sign-in options under account settings. Users need to establish a facial scan, iris scan or fingerprint to get started, but they can always improve those scans, and add or remove additional fingerprints.
Once set up, a glance at their device or scan of a finger will unlock access to Microsoft accounts, core applications and third-party applications that use the API.
“By adopting [the] FIDO specification, partners will be delivering differentiated and innovative Windows Hello companion devices that meet the needs of both consumers and businesses, including those in heavily regulated industries,” said Saboori.
The FIDO specification was developed in 2014 by the FIDO Alliance, which now includes more than 250 companies, but was founded by PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon and Agnitio.
FIDO authentication technology is available in hundreds of devices today, according to the group.
Who uses Windows Hello?
Windows Hello is designed for both enterprises and consumers, and is gaining traction on both fronts. During Microsoft’s Ignite 2017 conference in September, the company announced more than 37 million people were already using Windows Hello and more than 200 companies had deployed Windows Hello for Business.
At the time, the largest enterprise deployment outside of Microsoft’s IT team comprised more than 25,000 users, according to the company.
“Biometric fingerprint scanning is prevalent in the enterprise, but the issue is that it’s not readily used,” Moorhead said.
Every major vendor has systems using Windows Hello, according to Moorhead, but market penetration is much lower than needed to start the process of replacing passwords for all Windows 10 users.
Though Windows Hello has a sizeable user base, it is dwarfed by the massive Windows 10 install base. If Microsoft can convert the majority of Windows 10 users to Windows Hello, it would be a watershed moment in the battle against clunky passwords.
Why would you want Windows Hello?
Passwords, in short, are a drag. In this age of password abundance (and human forgetfulness), security-minded users realise that a fingerprint, facial recognition or an iris scan to gain access to devices, important accounts and data is likely to be a safer option.
Even so, the password “remains the most frequently used sign-in mechanism, but also a source of frustration for end users,” said Raul Castañon-Martinez, senior analyst at 451 Research.
Moving from traditional passwords to stronger forms of authentication is “one of the great challenges that we face in online computing,” said Saboori. “[Microsoft] is embracing a future without passwords by building Windows Hello into the platform experience and enabling multi-factor authentication in first- and third-party applications.”
Microsoft is working with a growing number of service providers to give its users a more seamless method to authenticate multiple accounts of importance with Windows Hello.