Greg Shultz takes a look at Windows Hello, which is Windows 10 biometric security in a native format that will essentially eliminate the need for passwords.
While not yet present in the technical preview of Windows 10, a new feature called Windows Hello will bring biometric security to Windows 10 in a native format, essentially eliminating the need for passwords. Instead, you'll be able to log into your Windows device using your face, iris, or fingerprint.
Microsoft describes Windows Hello as a technology where your devices recognize you and then let you into the system.
Along with Windows Hello, Microsoft is revising and enhancing its Microsoft Passport system to allow users to securely sign in to apps and websites without having to use a password. For instance, it will work with your Microsoft Account or Azure Active Directory Web services. Let's take a closer look.
Windows Hello works by scanning your face, iris, or fingerprint and then logging you into your device. Of course, fingerprint recognition has been around for quite a while, and there are a host of fingerprint readers currently on the market that provide biometric security access to Windows computers. However, the current crop of fingerprint readers requires additional software. With Windows Hello, the biometric security feature will be supported natively, and Microsoft claims that Windows 10 will support existing fingerprint readers. How many it will support and to what extent remains to be seen.
For the face or iris detection, new Windows 10 PCs will ship with Intel's RealSense 3D camera, an infrared camera that will be able to scan your face or iris. The facial recognition feature in Windows Hello borrows heavily from technology that Microsoft developed for Kinect, which means that while this will be a new feature in Windows, Microsoft has already spent a lot of time and effort in working out the kinks and perfecting the technology. Windows Hello will make use of infrared technology to more accurately recognize your face as you alter your look. For example, if you're a male, you may or may not have facial hair at different times; if you're a female, you may or may not wear makeup at different times. Furthermore, the infrared technology will allow the facial recognition feature to work in all kinds of lighting situations. This will make it more reliable no matter where you are—for example, on your phone outside in the sun or using your laptop in a dark corner of your living room in the evening.
According to Microsoft, Windows Hello will provide Enterprise-grade security and privacy, allowing it to adhere to strict regulations required by government, defense, financial, health care, and other related organizations, yet it will be readily available for consumers. To achieve this, Windows Hello uses an existing and proven technology called asymmetric key cryptography to authenticate users. It's the same kind of technology that powers security features in security devices like SmartCards. This technology is also used to verify web servers and by cell phones to verify networks.
The second part of this security system is Microsoft Passport. Once Windows Hello has verified who you are and provided you with access to the system, it will unlock your Microsoft Passport and allow you to instantly have access to online sites and services that require your Microsoft Account authentication. As such, Passport eliminates the need for online sites to store your password for authentication purposes. Instead of storing your passwords online where they can be stolen, the only things stored online are the public keys or one half of your encryption key. The main key is bound to your hardware device.
Microsoft also highlights that fact that there are anti-spoofing capabilities built into Windows Hello. So, for example, someone can't use a photo of you to log into your system.
In order to expand the Microsoft Passport universe to sites and services beyond those that Microsoft offers, the company joined the FIDO (Fast IDentity Online) alliance, whose mission is to change the nature of online authentication by:
- Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
- Operating industry programs to help ensure successful worldwide adoption of the Specifications.
- Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.
The fact that Microsoft is essentially adopting an existing standard rather than inventing a new proprietary system for Windows 10 really shows how much the company is changing.
What's your take?
What do you think of the ideas and goals of the Windows Hello and Microsoft Passport technologies? Is this something that you'll feel comfortable using? Share your opinion in the discussion thread below.