It has been a while since my last article on the blog.

Due to private matters that I had to figure out, I left this blog and its articles for a month.
But now, I’m back stronger and with more power to work on those materials.

So let’s say Hello to the new series regarding Windows Hello.

In this series, together with my colleague Bartlomiej Kosiak, we are going to touch on three aspects of Windows Hello implementation:

  • Windows Hello for ‘home’ users (this article)
  • Windows Hello for Business with Hybrid AD Join model (upcoming article)
  • Windows Hello for Business with Azure AD Join model (upcoming article)

Why are passwords bad / not good?

I remember the time when I was working on a Help Desk / Service Desk / Students Service Center 🙂 a couple of years ago. Most of the time was spent on resetting passwords for users who forgot or lost them…

At that time I would have given 100 $ to the person who made it easier and got rid of passwords somehow.

Everybody (or most people) knows that if someone has to create a new password, it will be:

  • either an iteration of the old password
  • a mix of simple things like dates, names, places
  • or something like the figure below
Figure delivered via https://me.me

In order to avoid this, we can block ‘bad’/‘simple’/‘easy to guess’ passwords or implement something that we all know from our credit cards or mobile phones, which is a PIN.
If you want to see the TOP 1000 most common passwords for 2020, check this link:
https://github.com/DavidWittman/wpxmlrpcbrute/blob/master/wordlists/1000-most-common-passwords.txt

On the other hand, you can still use password generators and password managers if you want, but the goal of this article is to show you how we can cover passwords with modern methods.

What is Windows Hello?

According to the Microsoft website, Windows Hello is

a more personal, more secure way to get instant access to your Windows 10 devices using fingerprint, facial recognition, or a secure PIN. Most PCs with fingerprint readers already work with Windows Hello, making it easier and safer to sign in to your PC.

https://support.microsoft.com/en-us/windows/learn-about-windows-hello-and-set-it-up-dae28983-8242-bb2a-d3d1-87c9d265a5f0

So, in other words, we can hide our old-fashioned password behind:

  • Something we know – PIN
  • Something we have – Security keys and Cards
  • Something we are – Facial Recognition, Fingerprint, and Retina

The figure below depicts the differences between passwords, 2FA/MFA, and passwordless authentication in two dimensions: security and convenience.

Passwords matrix

Windows Hello benefits

Let’s sum up the benefits of using Windows Hello:

  • It is a built-in capability in Windows 10 (from version 1607)
  • Integrates with the Microsoft Passport service
  • Speeds up the login process
  • Enhances security
  • Makes work easier
  • Allows masking the password with biometrics

Windows Hello requirements

Depending on the Windows Hello configuration you choose, the requirements are listed below:

  • Windows 10 (from OS version 1607+)
  • Fingerprint sensor
  • Windows Hello compatible camera
  • TPM module (it is required for Windows Hello for Business)
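
A PowerShell check for the requirements listed above, as an added example that is not part of the original article. The function name Test-HelloPrerequisite is hypothetical, build 14393 corresponds to Windows 10 version 1607, and the camera list shows only candidates, because PnP class data does not confirm Windows Hello compatibility.

```powershell
# Added example: report the Windows Hello requirements on the local machine.
# Run from an elevated PowerShell session, because Get-Tpm needs admin rights.
function Test-HelloPrerequisite {
    [CmdletBinding()]
    param(
        # Build 14393 is Windows 10 version 1607, the minimum in the list above.
        [int]$MinimumBuild = 14393
    )

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # TPM: optional for home use, required for Windows Hello for Business.
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop }
    catch { Write-Verbose "Get-Tpm failed: $($_.Exception.Message)" }

    # Fingerprint readers register in the 'Biometric' PnP device class.
    $biometric = @(Get-PnpDevice -Class Biometric -PresentOnly -ErrorAction SilentlyContinue)

    # Cameras appear in the 'Camera' or 'Image' class depending on the driver.
    # Assumption: this lists candidates only; it cannot prove Hello compatibility.
    $cameras = @(Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -in 'Camera', 'Image' })

    [pscustomobject]@{
        OperatingSystem  = $os.Caption
        Build            = $build
        # ProductType 1 is a client (workstation) edition of Windows.
        BuildSupported   = ($os.ProductType -eq 1) -and ($build -ge $MinimumBuild)
        TpmPresent       = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady         = [bool]($tpm -and $tpm.TpmReady)
        BiometricDevices = @($biometric | ForEach-Object FriendlyName)
        CameraCandidates = @($cameras | ForEach-Object FriendlyName)
    }
}

Test-HelloPrerequisite | Format-List
```

An empty BiometricDevices or CameraCandidates list means the matching sign-in option will not be offered on that device; the PIN option needs neither.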

Windows Hello notice

Before we go deeper with the configuration, I want to remind you of one thing.
Windows Hello has to be configured for the user on each device that he has access to using his login.
If the user has four devices, he has to configure Windows Hello four times within his user account.

Windows Hello configuration

When we are 100% sure that the Windows Hello requirements are met on our workstation, the next step is to go to Windows Settings.

Windows Settings

Then click on the Accounts area.

Windows Settings – Account area

On the Your info screen, click Sign-in options in the left side menu.

User Info settings

You will be moved to the Sign-in options screen, where you can find three Windows Hello related options:

  • Windows Hello Face – Windows Hello compatible camera will take a picture of your face
  • Windows Hello fingerprint – Windows Hello will scan your fingerprint
  • Windows Hello PIN – Windows Hello will ask you for a PIN.

Sign-in options

Windows Hello PIN

The easiest and cost-free part of a Windows Hello implementation is PIN usage.
In order to configure it, please follow the steps from the Windows Hello configuration section, and on the Sign-in options screen, select Windows Hello PIN and click Add.

Sign-in options
Adding Windows Hello PIN

You will be prompted to enter your account password.

Providing account password

On the Set up a PIN screen, you have to provide a PIN twice.
Please remember that the PIN is covered by password complexity requirements, so you will not be able to provide easy-to-guess values.

Providing PIN
Completed configuration

From this moment, you can use a PIN instead of the password on the workstation.

Windows Hello Face

When you have a workstation that has a camera compatible with Windows Hello, you can use your face to cover your password.
As in the section above, please follow the steps from the Windows Hello configuration section, and on the Sign-in options screen, select Windows Hello Face and click Set up.

Windows Hello Face
Windows Hello Face set up

On the new screen, Welcome to Windows Hello, click Get Started.

Getting started with Windows Hello Face

Provide your PIN and get ready for a face scan.

Providing PIN
Windows Hello Face scan

After the face scan, you will be informed that everything was configured properly.

Successful Windows Hello Face configuration

From now on, during the Windows logon process, you can use your camera to log in to the system.

Windows Hello Fingerprint

To start the configuration, please follow the steps from the Windows Hello configuration section, and on the Sign-in options screen, select Windows Hello Fingerprint and click Set up.

Windows Hello Fingerprint configuration

On the Windows Hello setup screen, click Get started.

Windows Hello Fingerprint configuration

Touch the fingerprint sensor with the first finger.

Scanning fingerprint

After scanning, you will be informed that fingerprint scanning was completed, and you can now use the Windows Hello Fingerprint feature.

Successful fingerprint configuration

Now you can use a fingerprint instead of an account password.

Summary

In this article, we went through the Windows Hello basic configuration.

The main takeaways are:

  • Windows Hello covers the password with a PIN, fingerprint, or face scan
  • Windows Hello works on the device where it is configured
  • Windows Hello is a built-in feature

Stay tuned for the next article related to Windows Hello for Business – Hybrid AD join.
