Microsoft has unveiled a new login and security feature in Windows 10 called Windows Hello.
The feature is all about biometric authentication, as it allows you to sign into a new device running Windows 10 with just your face or finger. It basically replaces your PIN or password by scanning your face, iris, or fingerprint in order to unlock your device. Beyond signing into devices, Windows Hello works with another new feature called Windows Passport to authenticate apps, content, and specific online experiences.
Microsoft wants to reduce the amount of complex passwords you need to remember and use. The company's entire idea apparently originated way back in the day with early versions of Kinect. Microsoft said it started developing Windows Hello then, slowly evolving the technology over the years to include Windows Passport and more, but now it's all finally ready for Windows.
How does Windows Hello work?
Windows Hello brings system-wide support for biometric authentication, and it's something Microsoft has described as much safer than traditional passwords. The only password - or key - you need to gain access to your Windows device is you (i.e., your face, iris, or fingerprint). The company said "modern sensors" will be able to recognise your unique personal characteristics in order to sign you into a supporting Windows 10 device.
Any machine with a fingerprint reader will be able to utilise Windows Hello's fingerprint-scanning functionality, though facial or iris detection requires a combination of special hardware and software. Specific cameras using infrared technology, for instance, will accurately identify your face or iris in a variety of lighting conditions (and they can even tell if someone is trying to impersonate you by using a picture of you).
So, everything works like this: Windows Hello never stores an image of your face or whatever on the device, because it locally authenticates you, then logs you into your device, and finally, unlocks Microsoft Passport (more on that later, but it cryptographically authenticates your websites and apps). Your biometric information is therefore never transmitted or used in way that can be stolen and recreated.
What is Microsoft Passport?
As part of Windows Hello, Microsoft also unveiled another new login-type feature called Microsoft Passport. It's actually a tool that will allow developers to build Windows Hello authentication into their apps, websites, and services. If they use it to add support for Windows Hello, you'll be able to use your face, iris, or fingerprint to sign into their apps, websites, and services (without the need for a password).
Microsoft said that hackers can easily get ahold of passwords, but with Passport, your login key is securely bound to hardware within your device, so the only way a hacker can steal your identity is to actually steal your device. Thus, when used in conjunction with Windows Hello, a hacker would have to not only steal your device, but also somehow bypass the face, iris, or fingerprint scanner, which is challenging.
Windows Passport will work with your Microsoft account and thousands of enterprise Azure Active Directory services at launch. On top of all that, Microsoft has announced it joined the FIDO alliance to further expand support for Passport.
Will Window Hello work on existing Windows machines?
There will - apparently - be "plenty of exciting new Windows 10 devices to choose from which will support Windows Hello", according to Microsoft, but if your device already has a fingerprint reader, you’ll be able to use Windows Hello to unlock that device. The first machines capable of supporting face or iris detection won't ship until later this year. They'll sport Intel's RealSense 3D infrared camera.
Is Windows Hello safe?
Microsoft said Windows Hello works "without a password being stored on your device or in a network server" at all. The feature also comes with enterprise-grade security that meets the requirements of some of the strictest regulations. The Redmond-based company is hoping that not only government, but also financial, health care, and other industries will use Windows Hello to enhance their overall security.
And finally, Microsoft claimed Windows Hello has less than 1-in-100,000 false accept rate, proving it can be a trusted technology for recognising and authenticating you, whether you're at work in a enterprise situation or at home as a consumer.
Want to know more?
Check out Microsoft's blog post, or watch the video above.