Windows Hello is the biometric component of Microsoft's Passport. However, the two applications are not dependent on each other -- you can use Windows Hello by itself (and hence we are putting it in its own tutorial). It is a brand new security system that has been built into Win10. With just your face or your fingerprint, you can log in to your Win10 device. Some users even go as far as to say that this will be the death of passwords as we know them.
What do I need to use Windows Hello?
One of the great selling points of Windows Hello (at least the fingerprint side of it) is the fact that you will not really need any new hardware for it. Almost all of the existing fingerprint readers, which are already built into notebooks and input devices (even external fingerprint readers, the types that connect via USB) are supported. This was tested with a Vista-era laptop with an embedded fingerprint sensor.
Even the software half of the equation is lenient. If you are currently running Windows 7, you were using an OEM software as that was the only way the fingerprint sensor would work. For Win10, you can do without that software as the support is built-in. If you were working with either Win8 or 8.1, then the process would feel familiar (albeit with a different overall process and interface).
Now, things have changed considerably if you are opting for facial recognition. For this, you will need either a newer device such as an all-in-one with a built-in Intel RealSense camera. You may also get an external RealSense F200, which is originally sold to developers looking to create apps with it. The latter would work only if you have a 4th Generation Hasswell CPU (or later). Note that the RealSense camera is large, so it will not be practical for laptops or netbooks.
After the camera, you will need the Intel RealSense DCM (Depth camera Manager) software, which you will have to manually download. This will let the camera work (but not the SDK or Software Developer Kit that comes with it). You might also have to tweak Device manager so your USB ports do not power down when the PC is on standby -- else you will not be able to use Hello to log in.
As of the moment, the Kinect (itself a 3D infrared camera) cannot be used yet with Hello. This is reportedly a work in progress, and Kinect 2 is expected to be compatible with Hello (though there is no release date yet).
For those who wish to take things up one step higher, next-gen Lumia phones have been confirmed to carry iris recognition capabilities. When tied up with Hello, this can revolutionize the way you log into your device.
Hello's Security -- Can it spoof your Fingerprints?
Most of the world's security systems can be fooled in some way or another. However, Hello has gained a quick reputation of being very hard to fool. The RealSense camera, for example, is a very high-tech camera that uses infrared -- this means that it's not looking for a mole or any distinguishing facial feature but for the shape and temperature of your face. This means that anyone showing the camera a photograph of your face (or a mask that is a perfect clone of your face) cannot unlock the device.
For fingerprints, most scanners check the 3D structure of the print (modern scanners, at least). The more powerful ones even check for the pulse on the finger, so rubber clones of your thumb would not work.
And while experts have quite recently released a study claiming fingerprint data stored on Android phones can be vulnerable to theft, such a problem is not evident with Hello. This is because there is no "picture" or snapshot of the data that the thief can obtain. Instead of that, Win10 uses an encrypted graph-like template with 60 landmark points for your face and 40 data points for your finger. This is never sent off from the PC, either. The template is secure even if some ultra-smart hacker manages to obtain it, since it cannot be used to recreate your face or finger in any manner. Simply feeding Hello the template without any actual face or finger behind it would not work, either.
As an additional security (and convenience) feature, Hello can tell which way your head is facing -- without storing the data in the template. It shouldn't matter if the lighting changes because of this.
So How do I Set Up Windows Hello?
Simply open the Settings app and then choose Accounts → Sign-in options to set up Windows Hello. You have to create the PIN to unlock Hello's options -- this is needed as a fallback just in case your face or the fingerprint is not recognized. By default, you will only be able to try the biometrics five times -- after that fails, the system will ask you for the PIN. Like in the tutorial about Passport, a PIN is more secure since it is not sent out.
Click on the Add button under the PIN field, and enter a new one. Only for this first step, you will be entering your password as well -- so that no one else can lock you out of your PC. The Windows Hello options will appear now for whichever biometrics are available. If you are equipped with a supported camera, you will be able to see the controls of facial recognition setup. For those with fingerprint readers equipped, you will see a button for one or more fingerprints.
Once you click set-up, you can access an explanation of Hello, then a prompt to get in a position to have your biometrics taken. Click Get Started -- you will need to enter the PIN for this step to ensure that it is you entering the biometrics.
Recognition should only take a few seconds and you will see the results on-screen. If you are on facial recognition and you wish to recapture your picture, you can take another shot by clicking Improve Recognition. This is ideal for people with glasses or other facial accessories -- you might want to take a shot of yourself both with and without the glasses, etc. This can take much longer, since the system will scan your face more thoroughly for landmarks -- there are times it can take up to two minutes.
If you change your appearance, you can re-enroll. For this, you need the PIN once more. Under the sign-in options, you can choose the Improve Recognition feature again. Windows Hello will keep the previous representation it has of your image, so that in case you go back to how you looked before the system will still recognize you.
Once everything is set up, the system will be able to unlock your PC as soon as it sees your face. This is the default behavior, but you can also set the system so that it unlocks only when you turn your head from side to side. This will use the shape of your head (recorded in 3D) to distinguish you from that of other users.
If you don't want to use the biometrics to sign in anymore, you would be able to access the Remove button to delete the templates.
Hello -- Now and The Future
As of the moment, Hello serves us in the very basic but essential aspect of verifying your identity logging into the PC. It also detects you as you walk up to it, responding by waking up from sleep. It will work for either your Microsoft or work accounts (for the latter, your company has to allow it first). It can also allow you to use your finger or your face to verify app purchases in the Windows Store instead of manually having to type the password each time.
Of course, it also works with Passport as discussed earlier, which can altogether usher in the next generation of login credentials. The good thing about this is that it isn't just browser specific; it can also work when you're trying to access the resources through browsers outside of Edge.
In the future, Microsoft is rumored to turn Hello into a much more powerful login system that can take on more uses while slowly killing out oft-forgotten and oft-hacked passwords. After all, who can forget a fingerprint?