How to enable anti-spoofing protection for Windows Hello Face on Windows 11

Windows 11 includes an option to improve the security of facial recognition when using Windows Hello, and here's how to enable it.

Avatar for Mauro Huculak
By (@Pureinfotech) , Windows How-To Expert and IT Specialist with 21 years of experience.
Pureinfotech Logo
Windows Hello Face anti-spoofing feature
Windows Hello Face anti-spoofing feature / Image: Mauro Huculak

On Windows 11, you can enhance the sign-in experience using the Windows Hello facial recognition with the anti-spoof protection feature, and in this guide, I’ll explain the steps to complete this configuration.

Windows Hello offers enhanced facial recognition protection, an anti-spoofing feature designed to make it significantly harder for malicious actors to use photos or videos to trick the system into unlocking.

It’s important to note that enabling enhanced anti-spoofing can affect the usability of external cameras for Windows Hello facial recognition. As a result, devices without advanced hardware might struggle or fail to authenticate. Also, a poorly lit environment might make facial recognition more challenging due to the increased standard for recognition.

If this feature is enabled and negatively affects your sign-in experience, it’s best to disable it.

In this guide, I’ll outline the different ways to turn on facial recognition protection for Windows Hello on Windows 11.

Warning: Before proceeding, it’s crucial to acknowledge the risks associated with modifying the Windows Registry. Incorrect changes can lead to system instability or operational issues. Therefore, ensure you have a full system backup before making any changes. Proceed with caution and understanding.

Enable Windows Hello facial recognition protection from Settings

To enable anti-spoofing protection for Windows Hello Face, follow these steps:

  1. Open Settings on Windows 11.

  2. Click on Accounts.

  3. Click the Sign-in options page.

  4. Click the “Facial recognition (Windows Hello)” setting.

  5. (Option 1) Check the “Enhanced facial recognition protection” option to enable the anti-spoofing feature.

    Enable Enhance facial recognition protection feature

  6. (Option 2) Clear the “Enhanced facial recognition protection” option to disable the anti-spoofing feature.

  7. Click the Restart now button.

Once you complete the steps, the system will be less vulnerable to spoofing the face recognition experience.

Enable Windows Hello facial recognition protection from Group Policy

To enable anti-spoofing protection for Windows Hello Face on Windows 11 Pro, Enterprise, or Education, follow these steps:

  1. Open Start.

  2. Search for gpedit and click the top result to open the Local Group Policy Editor.

  3. Open the following path:

    Computer Configuration > Administrative Templates > Windows Components > Biometrics > Facial Features

  4. Right-click the Configure enhanced anti-spoofing policy and choose the Edit option.

    Group Policy edit Configure enhanced anti-spoofing setting

  5. Select the Enabled option.

    Group Policy enable Windows Hello Face protection

  6. Click the Apply button.

  7. Click the OK button.

  8. Restart the computer.

After you complete the steps, the enabled protection for Windows Hello Face will turn on.

If you change your mind, you can always turn off the feature using the same instructions, but in step 6, choose the “Not Configured” option.

Enable Windows Hello facial recognition protection from Registry

To enable anti-spoofing protection for Windows Hello Face with the Registry, follow these steps:

  1. Open Start.

  2. Search for regedit and click the top result to open the Registry Editor.

  3. Open the following path:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\

  4. Right-click the Microsoft key, select the New menu and choose the Key option.

    Registry create Biometrics key

  5. Confirm the Biometrics name for the key and press Enter.

  6. Right-click the Biometrics key, select the New menu, and choose the Key option.

  7. Confirm the FacialFeatures name for the key and press Enter.

  8. Right-click the FacialFeatures key, select the New menu, and choose the “DWORD (32-bit) Value” option.

    Registry create EnhancedAntiSpoofing DWORD

  9. Confirm the EnhancedAntiSpoofing name for the key and press Enter.

  10. Right-click the newly created key and choose the Edit option.

  11. Change the value from 0 to 1.

    Windows 11 enable Hello face protection

  12. Click the OK button.

  13. Restart the computer.

Once you complete the steps, the facial recognition protection for Windows Hello should now be enabled on the computer.

If you want to disable the feature, you can use the instructions, but in step 5, right-click and delete the “Biometrics” key or set the value of the “EnhancedAntiSpoofing” DWORD from 1 to 0.

About the author
Avatar for Mauro Huculak

Mauro Huculak is a Windows How-To Expert and founder of (est. 2010). With over 21 years as a technology writer and IT Specialist, Mauro specializes in Windows, software, and cross-platform systems such as Linux, Android, and macOS.

Certifications: Microsoft Certified Solutions Associate (MCSA), Cisco Certified Network Professional (CCNP), VMware Certified Professional (VCP), and CompTIA A+ and Network+.

Mauro is a recognized Microsoft MVP and has also been a long-time contributor to Windows Central.

You can follow him on YouTube, Threads, BlueSky, X (Twitter), LinkedIn and About.me. Email him at [email protected].