Hacking

Windows Hello Waves Off Passwords

Microsoft on Tuesday announced Windows Hello, a feature that allows users to access computers and devices running Windows 10 via face recognition, iris identification or fingerprint matching.

In addition, the company raised the curtain on Microsoft Passport, a programming system that IT managers, software developers and website authors can use for signing in to websites and applications.

Passport uses Hello or a PIN to identify users, who then can access websites and apps deploying Passport without the need for a password.

Better still, Passport eliminates the need for passwords to be stored online where they can be stolen.

Upgrades Required

Microsoft sees Hello and Passport as a one-two punch to password authentication, which has become increasingly insecure over time.

“Today, passwords are the primary method most of us use to protect our personal information, but they are inconvenient and insecure,” noted Microsoft Operating Systems Vice President Joe Belfiore.

“They are easily hackable and even when complex they are not effective, but most of us want something easy to remember, so we either choose a simple password or end up noting it down somewhere making it less secure,” he explained.

“And to be truly secure,” Belfiore added, “you need to remember dozens of passwords to login to your many devices and services.”

There are some caveats to Windows Hello. For example, it requires a Windows 10 software upgrade, as well as hardware equipped with an Intel Real Sense 3D camera for its facial and iris recognition capabilities.

Hello will be an option — not a requirement — for Win 10 users. However, Microsoft is emphasizing that the technology is secure.

“We understand how critical it is to protect your biometric data from theft, and for this reason your ‘biometric signature’ is secured locally on the device and shared with no one but you,” said Belfiore. “It is only used to unlock your device and ‘Passport.’ it is never used to authenticate you over the network.”

Better Security, Easier Use

A biometric system like Hello has security and usability advantages over conventional passwords, noted Brett McDowell, executive director of the FIDO Alliance.

“The security advantages come from the asymmetric cryptography where the only secrets are stored on the user’s device and not in the cloud. This protects users from losing authentication credentials if a service they use is ever breached by an adversary because there are no credentials or secrets stored on a server,” he told TechNewsWorld.

“The usability advantages are more obvious,” added McDowell. “Just imagine logging into your device by looking at it or touching it. It doesn’t get much easier than that.”

Biometric authentication has been growing in popularity in the mobile phone arena, where fingerprint scanners are built into some popular phone models. It’s less popular on the desktop, though, where scanners need to be purchased separately. The inclusion of facial and iris recognition in Windows may boost the popularity of biometric authentication on computing devices.

“I’m a fan of the facial recognition and iris technology because it’s using something already in these devices — a camera,” said Jim McGregor, founder and principal analyst at Tirias Research.

“It’s also not dealing with touch,” he told TechNewsWorld. “Whenever you touch something, you have all kinds of issues with electrostatic discharge, chemical residue and dirt.”

Promises, Promises

In the past, Microsoft has been known to tout features in an upcoming version of Windows that never made it into the product when released — but that doesn’t seem to be the case with Windows 10, McGregor said.

“This time, instead of making a lot of claims up front about Windows, Microsoft is slowly leaking things out about it,” he noted. “I’m hoping that means that they’re fairly sure that all these solutions they’re working on will be in Windows 10.”

The addition of biometric authentication to Windows 10 may influence the operating system’s popularity but not its sales.

“It’s not going to drive sales by itself,” said Greg Sterling, vice president of strategy and insight for the Local Search Association.

“I don’t think somebody who’s deciding between a Mac or a PC or a Chromebook will say this feature will make the difference in what I buy. It may tip the scales a little bit, but it’s not going to have a big impact on the buying decision,” he told TechNewsWorld.

“The big deal here is that biometric authentication is becoming a trend,” he added. “We’re going to see more of these biometric capabilities being introduced.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Hacking

Technewsworld Channels