Microsoft announces today a new, more personal way to sign-in to Windows 10 devices, apps, and websites, killing passwords once and for all. The new feature is called “Windows Hello” and it is a biometric authentication method, where users will be able to use their face, iris, or fingerprint to unlock a password-protected Windows 10 device.
In addition, another separate feature codenamed “Passport” will help users to securely sign-in to apps, enterprise content, and online services without ever typing a password.
Windows Hello will only require you to show your face in front of the device, to touch with your finger, to immediately be recognized; and according to Microsoft, this method is even more secure. All without storing a password on your device or in a network server.
How does it work? Windows Hello works by intelligently scanning your face, iris, or fingerprint to unlock a device, replacing a PIN or password. This forms of authentication in addition to the actual device, creates a two-factor authentication, which makes it a very secure way of authentication.
The downside is that not every device supporting Windows 10 will be able to use face recognition to authenticate, which is why Microsoft will still support existing fingerprint readers. In order to use Windows Hello, all new devices will need to have Intel’s RealSense 3D camera or compatible hardware to use facial recognition or iris scan, because in combination with software and infrared technology, Windows Hello can verify if it’s you, someone else, or a picture.
Microsoft assures that Windows Hello has been created with privacy in mind. The new feature is “enterprise-grade” that meets the requirements of organizations with the most strictest requirements and regulations. “It’s a solution that government, defense, financial, healthcare and other related organizations will use to enhance their overall security, with a simple experience designed to delight.” Microsoft’s Joe Belfiore states.
The company adds that this is a “1 in over a 100,000 false accept rate” solution. To achieve this, the new feature never sends over the network an image of your fingerprint or iris scan, instead it uses asymmetric encryption keys to accurately verify who you are locally.
Alongside Windows Hello, Microsoft is introducing Passport, which it’s a new way to enable users to sign-in to apps and websites securely without a password. Belfiore explains, “Instead of using a shared or shareable secret like a password, Windows 10 helps to securely authenticate to applications, websites and networks on your behalf — without sending up a password. Thus, there is no shared password stored on their servers for a hacker to potentially compromise.”
Microsoft Passport works in combination with another form of authentication, which can be either a PIN or using Windows Hello. Once you’re authenticated with Passport, you’ll be able to instantly get access to websites and other online services, such as email, social networking sites, banks, business networks, and more.
“Passport also will work with thousands of enterprise Azure Active Directory services at launch, and Microsoft has joined the FIDO alliance to support replacing passwords with a growing set of financial, consumer, and other security services over time.”
Windows Hello will arrive to PCs, tablets, and phones that feature compatible hardware once Windows 10 releases later this year. If you like the idea to use facial recognition to sign-in your PC, you can start looking for devices that include Intel’s RealSense 3D Camera (F200), which will make the device compatible with Windows Hello.