When we started building Windows 10, the team spent a lot of time and energy thinking about how to make computing more personal. We want your devices to recognize you, to understand what you’re saying… we want the experience to go wherever you do and we want you to feel a great sense of TRUST as you go. We talked a bunch about these ideas on January 21, and today we’ve got another cool new “personal computing” feature to announce for Windows 10.
I’d like to introduce you to Windows Hello – biometric authentication which can provide instant access to your Windows 10 devices.* With Windows Hello, you’ll be able to just show your face, or touch your finger, to new devices running Windows 10 and be immediately recognized. And not only is Windows Hello more convenient than typing a password—it’s more secure! Our system enables you to authenticate applications, enterprise content, and even certain online experiences without a password being stored on your device or in a network server at all.
So how does it all work?
Windows Hello introduces system support for biometric authentication – using your face, iris, or fingerprint to unlock your devices – with technology that is much safer than traditional passwords. You– uniquely you– plus your device are the keys to your Windows experience, apps, data and even websites and services – not a random assortment of letters and numbers that are easily forgotten, hacked, or written down and pinned to a bulletin board. Modern sensors recognize your unique personal characteristics to sign-you-in on a supporting Windows 10 device.
Which devices, you ask? Well, there will be plenty of exciting new Windows 10 devices to choose from which will support Windows Hello. And, if your device already has a fingerprint reader, you’ll be able to use Windows Hello to unlock that device. For facial or iris detection, Windows Hello uses a combination of special hardware and software to accurately verify it is you – not a picture of you or someone trying to impersonate you. The cameras use infrared technology to identify your face or iris and can recognize you in a variety of lighting conditions.
Of course, convenience and simplicity should never sacrifice security and privacy. Windows Hello offers enterprise-grade security that will meet the requirements of organizations with some of the strictest requirements and regulations. It’s a solution that government, defense, financial, health care and other related organizations will use to enhance their overall security, with a simple experience designed to delight.
Authenticating Applications, Enterprise Content and Online Experiences – Without Passwords
Today, passwords are the primary method most of us use to protect our personal information, but they are inconvenient and insecure. They are easily hackable and even when complex they are not effective, but most of us want something easy to remember, so we either choose a simple password or end up noting it down somewhere making it less secure. And, to be truly secure, you need to remember dozens of passwords to login to your many devices and services.
You may have seen recent press coverage about a single group collecting 1.2 billion user names and passwords from websites they hacked. This creates lousy odds in the hacker roulette for all of us – there are only about 2 billion people online today!
“Passport” is a code name for a programming system that IT managers, software developers and website authors can use to provide a more secure way of letting you sign-in to their sites or apps. Instead of using a shared or shareable secret like a password, Windows 10 helps to securely authenticate to applications, websites and networks on your behalf—without sending up a password. Thus, there is no shared password stored on their servers for a hacker to potentially compromise.
Windows 10 will ask you to verify that you have possession of your device before it authenticates on your behalf, with a PIN or Windows Hello on devices with biometric sensors. Once authenticated with “Passport”, you will be able to instantly access a growing set of websites and services across a range of industries – favorite commerce sites, email and social networking services, financial institutions, business networks and more.
“Passport” also will work with thousands of enterprise Azure Active Directory services at launch, and Microsoft has joined the FIDO alliance to support replacing passwords with a growing set of financial, consumer, and other security services over time. Windows 10 will also have industry-leading security and identity protection for enterprises, so they can deploy new Windows 10 devices with hardware necessary to use Windows Hello, enabling enterprise-grade protection of the device and more secure password-free authentication to enterprise line of business applications.
Using Windows Hello and “Passport” is your choice and you control whether to opt-in to use it. We understand how critical it is to protect your biometric data from theft, and for this reason your ‘biometric signature’ is secured locally on the device and shared with no one but you. It is only used to unlock your device and “Passport”, it is never used to authenticate you over the network.
We’re working closely with our hardware partners to deliver Windows Hello capable devices that will ship with Windows 10 and we are excited to announce that all OEM systems incorporating the Intel® RealSense™ 3D Camera (F200) will support the facial unlock features of Windows Hello, including automatic sign-in to Windows, and support to unlock “Passport” without the need for a PIN.
We’re really excited about taking another step with Windows 10 to make computing more personal, and more secure, with Windows Hello and “Passport”.
*Windows Hello requires specialized hardware, including fingerprint reader, illuminated IR sensor or other biometric sensors.