Microsoft says Hello to biometric security

By Email Sarah Clark nfcworld.com Published 18 March 2015, 17:38 • Last updated 18 March 2015, 17:38

Microsoft Hello biometric authentication

BIOMETRICS: Windows Hello will ship with new edition of the operating system “this summer”

Windows 10 users will be able to use biometric technology to secure access to their devices, Microsoft has announced. Windows Hello will support face, iris and fingerprint verification and will ship with the new edition of the operating system “this summer”.

“When we started building Windows 10, the team spent a lot of time and energy thinking about how to make computing more personal. We want your devices to recognize you, to understand what you’re saying… we want the experience to go wherever you do and we want you to feel a great sense of trust as you go,” says Joe Belfiore, corporate vice president at Microsoft’s operating systems group.

“With Windows Hello, you’ll be able to just show your face, or touch your finger, to new devices running Windows 10 and be immediately recognized. And not only is Windows Hello more convenient than typing a password — it’s more secure. Our system enables you to authenticate applications, enterprise content and even certain online experiences, without a password being stored on your device or in a network server at all.”

Specialized hardware such as fingerprint readers, infrared cameras and “other biometric sensors” will be required to use Windows Hello, Belfiore adds.

“We’re working closely with our hardware partners to deliver Windows Hello capable devices that will ship with Windows 10 and we are excited to announce that all OEM systems incorporating the Intel RealSense 3D Camera (F200) will support the facial and iris unlock features of Windows Hello.

“And, if your device already has a fingerprint reader, you’ll be able to use Windows Hello to unlock that device. For facial or iris detection, Windows Hello uses a combination of special hardware and software to accurately verify it is you — not a picture of you or someone trying to impersonate you.”

Windows 10 will also make use of biometric security to protect access to Passport, “a programming system that IT managers, software developers and website authors can use to provide a more secure way of letting you sign in to their sites or apps,” Belfiore adds.

“Instead of using a shared or shareable secret like a password, Windows 10 helps to securely authenticate to applications, websites and networks on your behalf — without sending a password. Thus, there is no shared password stored on their servers for a hacker to potentially compromise.

“Windows 10 will ask you to verify that you have possession of your device before it authenticates on your behalf, with a PIN or Windows Hello on devices with biometric sensors. Once authenticated with Passport, you will be able to instantly access a growing set of websites and services across a range of industries — favorite commerce sites, email and social networking services, financial institutions, business networks and more.”

A video shows how Microsoft expects Windows Hello and Passport to work together to secure access to online content, applications and devices:

“Passport also will work with thousands of enterprise Azure Active Directory services at launch, and Microsoft has joined the Fido Alliance to support replacing passwords with a growing set of financial, consumer and other security services over time,” Belfiore says.

“Windows 10 will also have industry-leading security and identity protection for enterprises, so they can deploy new Windows 10 devices with hardware necessary to use Windows Hello, enabling enterprise-grade protection of the device and more secure password-free authentication to the enterprise line of business applications.

“Using Windows Hello and Passport is your choice and you control whether to opt in to use it. We understand how critical it is to protect your biometric data from theft, and for this reason your ‘biometric signature’ is secured locally on the device and shared with no one but you. It is only used to unlock your device and Passport, it is never used to authenticate you over the network.”