What is Windows Hello? Are Password-Free Logins the Future?

What is Windows Hello? Are Password-Free Logins the Future?

From the first time you log into your computer at the beginning of the day to nearly every cloud-based application or account you need to access afterwards, passwords are the main way you get in.

Password management has become a major issue for companies as data breaches become more common and often stolen or hacked passwords are the way that hackers access your data. While 66% of IT security professionals agree it’s important to protect passwords, 51% say it’s too difficult to manage them.

This is the common problem that companies face: They need employees to create strong and unique passwords for every business application login, but trying to remember them all is nearly impossible, especially if they contain a combination of letters, numbers, and symbols.

The password conundrum is the reason that password-free logins are becoming more widespread in the cloud computing world. Biometrics are now being enabled by more systems as a way to overcome the problem with passwords and go to a faster and more secure authentication system.

Part of the push to move beyond passwords as an authentication standard is coming from Microsoft in the form of Windows Hello. 

How Does Windows Hello Work?

Windows Hello is a protocol that allows the user to log into a Windows device and multiple other applications using facial recognition or a fingerprint scan. Microsoft states that you can log into your Windows device 3x faster with Windows Hello than using a password.

The system can use a fingerprint scanner or the camera on your computer to enable biometric authentication that allows you to bypass passwords when logging into:

  • Your computer
  • Mobile device
  • Applications
  • Websites
  • Making in-app purchases

While there aren’t really many statistics yet on the security comparison between passwords and biometrics, many people feel that biometrics offer more security than passwords since they can’t be hacked in the same way.

For companies, Windows Hello for Business offers a much more streamlined authentication option that saves time while also helping increase network security. It also reduces the time spend going through lost password prompts.

Windows Hello for Business

If you are using Windows 10 you can replace device logins with user biometric authentication to an Active Directory or Azure Active Directory account by using Windows Hello for Business. You can use a cloud-only deployment or hybrid deployment.

Microsoft states that Windows Hello is designed to solve the following problems with passwords:

  • Strong passwords are difficult to remember
  • Users often reuse passwords on multiple sites
  • Server breaches can expose login credentials
  • Passwords are subject to replay attacks
  • Passwords can be exposed due to human error

The two main biometrics used for Windows Hello logins are facial recognition and fingerprint scanning. Here’s how they work.

  • Facial recognition: Special cameras that can see in IR light have the ability to tell the difference between a real person and a photograph. Windows Hello can work with both special external cameras and some cameras installed on laptops.
  • Fingerprint scanning: In order to use fingerprint biometric login, you would need to install a fingerprint sensor that would connect to your Windows device. They are available as a hardware addon, on certain USB keyboards or laptops. 

What’s the Difference Between Windows Hello and Windows Hello for Business?

The biometric login offered by Microsoft can be employed both for personal and business use. The main difference is that the business version is more secure.

The consumer Windows Hello is unique to the device that it’s set up on and individuals can create a PIN or biometric gesture for login.

Windows Hello for Business is configured either by Group Policy or mobile device management, with Microsoft Intune. It always uses a key-based or certificate-based authentication, which is a more secure method of login management.

Windows Hello Compatible Applications & Websites 

Windows Hello is designed to make the login process easier, but if it only worked to get into your computer, it’s helpfulness would be limited. This is why Microsoft has integrated the ability to use Windows Hello with multiple other logins.

Here are a few of the applications you can use biometrics to log into instead of a username and password:

  • Dropbox
  • OneDrive
  • FourBudget
  • ShareFile
  • OneLocker
  • iHeartRadio
  • One Messenger (unlocking Facebook, Slack, and more)
  • Flow Mail (unlocking Outlook, Gmail, Yahoo, and more)

One particularly helpful integration if you’re a Microsoft 365 user is the ability to integrate Windows Hello with Intune for mobile device management. This will allow you to create an Intune policy under Device enrollment and an identity protection profile under Device configuration.

As far as websites go, you can use Windows Hello with the following browsers that will allow biometric authentication on websites that support it.

  • Microsoft Edge
  • Firefox
  • Chrome

Need Help Managing Your Company’s Logins?

Logins can be complex to manage, but there are many tools out there that can streamline the process, including Windows Hello or other credential authentication managers. Let us help you get a handle on your logins and improve network security.

Contact us today to discuss password and credential management. Call 705-222-8324 or reach out online.

stay in touch

Subscribe to our newsletter and we'll keep you informed about latest IT news.