Say goodbye to passwords with Windows Hello.

Use your face, fingerprint or companion device instead of a password to sign in faster and more securely to your Windows devices, apps and Microsoft Edge websites.

CONTACT US for set-up.

Reports of identity theft and large-scale hacking are frequent headlines. And nobody wants to be notified that their username and password have been exposed.

You may wonder how a PIN can help protect a device better than a password. Passwords are shared secrets; they are entered on a device and transmitted over the network to the server. An intercepted account name and password can be used by anyone, anywhere. Because they’re stored on the server, a server breach can reveal those stored credentials.

Windows Hello replaces passwords. When the identity provider supports keys, the Windows Hello provisioning process creates a cryptographic key pair bound to the Trusted Platform Module (TPM), if a device has a TPM 2.0, or in software.

Windows Hello is a password-free sign-in that gives you fastest , most secure way to unlock your Windows devices. Windows Hello is a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, facial recognition, or a secure PIN, it recognizes you apart from others. Most PC’s with fingerprint readers already work with Windows Hello, making it easier and safer to sign into your PC. 

Windows Hello requires specialized hardware, including fingerprint reader, illuminated IR sensor or other biometric sensors and capable devices.

But not every PC has Windows Hello capability. So before you buy a new computer, expecting to sign in with Windows Hello, it’s a good idea to learn more about it.

Windows Hello is designed for both large enterprises and consumers. During Microsoft’s Ignite 2017 conference, Microsoft announced that more than 37 million people were already using Windows Hello and more than 200 companies had deployed Windows Hello for Business. At the time, the largest enterprise deployment outside of Microsoft’s IT team comprised more than 25,000 users, according to the company.

The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.

Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords. Therefore, Windows Hello solves security and inconvenience problems.

It is not uncommon for people to use the same password (or variations) across multiple sites and applications. Windows Hello and other biometric authentication features is designed to offer an alternative to passwords that is unique and more secure because it relies on technology that’s harder to break.

Why would you want Windows Hello?

For one, security is always better in threes — the best method of authentication is to provide something you have, something you know, and something you are. In this case, Windows Hello can authenticate users by satisfying all three rules: something you have (your private key, which is protected by your device’s security module), something you know (the PIN that is used by default by Windows Hello from the point of registration onward), and something you are (either your face, which is exceedingly difficult to copy and use in a malicious way, or your fingerprint, which again without removing digits is difficult to copy and use nefariously).

In this age of password abundance (and human forgetfulness), security-minded users realize that a fingerprint, facial recognition or an iris scan to gain access to devices, important accounts and data is likely to be a safer option. Even so, the password remains the most frequently used sign-in mechanism, but also a source of frustration for end users.

What is most interesting is that all of these biometrics are stored on the local device only and are not centralized into the directory or some other authentication source; this means credential harvesting attacks are no good against Windows Hello-enabled accounts simply because the credentials do not exist in the place that would be hacked. While it is technically possible each device’s trusted platform module, or TPM, could be hacked, an attacker would have to crack each individual user’s machine, versus simply executing a successful attack against a single vulnerable domain controller.

Microsoft is embracing a future without passwords by building Windows Hello into the platform experience and enabling multi-factor authentication in first- and third-party applications.

Microsoft is working with a growing number of service providers to give its users a more seamless method to authenticate multiple accounts of importance with Windows Hello. There’s a small group of Windows Hello-compatible apps on the market today. Among the apps that can use Windows Hello now are Dropbox, Enpass, OneDrive, One Messenger and OneLocker Password Manager.

How to get Windows Hello?

Microsoft introduced Windows Hello in 2015, and while there are tablets, laptops, and desktop computers with Hello built in, most computers still don’t have it. To know more about these devices, CONTACT US.

If you want to take advantage of Windows Hello, one way to do that is to buy a new computer that comes with a Hello camera or fingerprint reader. You can study up on new computers to see if Windows Hello is listed in the features, or check out a page that Microsoft maintains, which lists PCs that feature Windows Hello

In addition to those, most Microsoft Surface computers come with Windows Hello as well.

How Does Windows Hello Keep Your Info Private?

To access your sign-in options, go to Start Menu Settings  > Accounts  > Sign-in options. On the Sign-in options page, the following sign-in methods are available:

  • Windows Hello Face
  • Windows Hello Fingerprint
  • Windows Hello PIN
  • Security key
  • Password
  • Picture password

You’ll also find these settings:

  • Require sign-in—Requires you to sign in to your device after being away.
  • Dynamic lock—Automatically locks your device when you’re away.
  • Privacy—Shows or hides personal info on the sign-in screen, and allows your device to use your sign-in info to reopen your apps after an update or restart.

Need more help? CONTACT US

Windows Hello and privacy

Windows Hello lets you sign in to your devices, apps, online services, and networks using your face, iris, fingerprint, or a PIN. Even if your Windows 10 device can use Windows Hello biometrics, you don’t have to. If it’s the right choice for you, you can be rest assured that the info that identifies your face, iris, or fingerprint never leaves your device. Windows does not stores pictures of your face, iris, or fingerprint on your device or anywhere else.

What data is collected, and why

When you set up Windows Hello biometrics, it takes the data from the face camera, iris sensor, or fingerprint reader and creates a data representation—or graph—that is then encrypted before it’s stored on your device.

To help keep things working properly, to help detect and prevent fraud, and to continue improving Windows Hello, diagnostic data about how people use Windows Hello is collected. For example, data about whether people sign in with their face, iris, fingerprint, or PIN; the number of times they use it; and whether it works or not is all valuable information that helps us build a better product. The data is pseudonymous, does not include biometric information, and is encrypted before it’s transmitted to Microsoft. You can choose to stop sending diagnostic data to Microsoft at any time. 

To manage Windows Hello

To turn on Windows Hello, go to Start Menu  > Settings  > Accounts  > Sign-in options, select the Windows Hello method that you want to set up, and then select Set up. If you don’t see Windows Hello in Sign-in options, then it may not be available for your device.

To remove Windows Hello and any associated biometric identification data from the device, go to Start Menu  > Settings  > Accounts  > Sign-in options. Select the Windows Hello method you want to remove, and then select Remove.

To manage a security key

A security key is a hardware device that you can use instead of your user name and password to sign in on the web. Since it’s used in addition to a fingerprint or PIN, even if someone has your security key, they won’t be able to sign in without the PIN or fingerprint that you create. Security keys are usually available for purchase from retailers that sell computer accessories.

To set up a security key, go to Start Menu  > Settings  > Accounts  > Sign-in options, and select Security Key. Select Manage and follow the instructions.

To manage a password

To change your password, go to Start Menu  > Settings  > Accounts  > Sign-in options. Select Password, and then select Change.

To manage when you’re required to sign in

Go to Start Menu  > Settings  > Accounts  > Sign-in options. Under Require sign-in, select an option for when Windows should require you to sign in again.

To manage Dynamic lock

Windows can use devices that are paired with your PC to help detect when you’re away, and lock your PC shortly after your paired device is out of Bluetooth range. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it.

  1. On your Windows 10 PC, select Start Menu  > Settings  > Accounts  > Sign-in options.
  2. Under Dynamic lock, select the Allow Windows to automatically lock your device when you’re away check box.
  3. Use Bluetooth to pair your phone with your PC. 

Once they’re paired, take your phone with you when you walk away, and your PC will automatically lock a minute or so after you’re out of Bluetooth range. 

To show your account details on the sign-in screen

Go to Start Menu  > Settings  > Accounts  > Sign-in options. Under Privacy, turn the first setting On if you want to show your account details on the sign-in screen.

To automatically finish setup after an update

Go to Start Menu  > Settings  > Accounts  > Sign-in options. Under Privacy, turn the second setting On if you want to use your sign-in info to automatically finish setting up your device after an update or restart.