In Windows 10, Microsoft says ‘Hello’ to biometric logins
On Tuesday, Microsoft unveiled Windows Hello, a service that will let you log in to your phone, tablet, or computer with a fingerprint or a face scan.
Instead of a username and password, Windows 10 will let you log in with your finger or your face. Microsoft unveiled Windows Hello, a biometric login service, promising that it will appear in Windows 10 when the new operating system debuts later this year.
Users of Windows 10 phones, tablets, laptops, and desktop computers will be able to scan their faces, eyes, or fingerprints to use for identity verification on those devices.
People might have legitimate security concerns about uploading data as personal as their fingerprints or the irises of their eyes. What if that information gets hacked or stolen? Microsoft says the biometric data will be stored locally on each device, and never transmitted over the Internet or even shared with other users on that device. The company also said it uses enterprise-grade security to encrypt a user’s biometric data on their device.
Windows Hello requires a bit of specialized hardware to work. A laptop needs a fingerprint reader or an illuminated IR sensor to be able to recognize the user’s face in different lighting conditions. An integrated webcam won’t be enough, since it could be fooled by a picture of you or even someone who looks like you. Special high-end webcams such as the Intel RealSense F200, however, will support Windows Hello.
Logins that rely on unique physical characteristics such as a fingerprint are generally more secure than the traditional username and password combination. “Good” passwords – ones that are complex and not based on dictionary words – are tough to remember, and for that reason most people simply don’t bother making sure their passwords are strong. (One side effect of this is that many people use the same password for many different online accounts.) By contrast, an account secured with a fingerprint or a face doesn’t require the user to remember anything, and those measures are virtually impossible to hack or replicate.
In addition to Windows Hello, Microsoft also unveiled “Passport,” the codename for a system that allows users to sign in to websites and applications without sending a password to be stored on the site’s server (and potentially hacked). Passport uses a PIN or Windows Hello to verify that you own a particular phone, tablet, or computer. Once you’re verified with that device, the device authenticates you on sites that support Passport. You don’t have to send a password across the Internet, which means there’s a smaller chance that your credentials will be compromised in a data breach.
Microsoft says both Windows Hello and Passport are opt-in – so if you’d rather stick with the traditional password, you’re welcome to do so. But both services promise a meaningful increase in security for users who make the jump to Windows 10 later this year.