You come across a killer app, but it needs another set of user credentials for you to remember for authentication. Could this be the straw that breaks the camel’s back? Especially with the constant stories of widespread enterprise hacking that expose consumer data, something has to change, right?
Windows Hello offers easy biometric authentication integrated into Windows 10. Windows Hello promises seamless two-factor authentication (2FA) using device and user biometrics, taking away much of the pain around managing user credentials. Has this been tried and failed in the past? Yes. But Windows Hello has a better shot at success with well-thought-out features and reusable authorization.
In this article, we’ll unpack Windows Hello to help you understand the specifics.
Information security is fundamentally about systems identifying users – are you who you say you are? This user identification (authentication) is the basic first step before systems can decide what level of access or which features the user is entitled to use (authorization). It turns out the first step is really tricky.
A vast majority of computer systems depend on user credentials for authentication. What could potentially go wrong? Here are just a few items, from a developer’s perspective:
You may think making credentials and their management inherently complex may make them more secure. To that end, you could try a few tricks:
While the above tricks will definitely help, they are not foolproof. Inherently, we developers are trying to make our applications easier to use for the end user. If we turn up the authentication complexity, it goes directly against convenience and invites pushback from users.
No amount of security will help if users write down, share or recycle credentials across apps. And even the safest system backends are defenseless if compromises happen elsewhere and users are being impersonated through stolen credentials.
The risks of managing user credentials go on and on. The point is, no matter how carefully you manage user credentials on your side, there are factors that are just beyond your control. User credentials may be compromised through no fault of your authentication system. So why take the risk?
Windows Hello is the new biometric authentication system built into Windows 10. Windows securely stores the user’s biometric information in the device itself and allows for seamless safe authentication. By using Windows Hello to unlock a device, the authenticated user gains access to all of his or her Windows experience, as well as authorization to apps, data, websites, and services.
Windows Hello is not just a credential system – it is 2FA out of the box. What are the two factors?
Windows Hello security information does not roam across devices and cannot be easily extracted from the device. Windows Hello credentials are never sent across the wire to a server or shared with third-party apps or services – they are only meant for use on a specific device.
Every user and account on a given device has to have its own Windows Hello authentication. You can think of a Hello as a token you can use to release a stored credential on the device – it only authenticates you on a specific device. In terms of authorization, Hello itself doesn’t allow you access to an app or service, but it releases credentials that can.
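To make concrete what does and does not leave the device, here is an added example (not code from this article) that uses the UWP `KeyCredentialManager` API, which backs Windows Hello with a per-account key pair. The class and method names, `accountId`, and the base64 challenge supplied by a server are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Security.Cryptography;
using Windows.Storage.Streams;

// Hypothetical helper class; not part of any SDK.
public static class HelloSignInExample
{
    // Enrollment: create a key pair bound to this device and this account.
    // Returns the public key to register with the server, or null on failure.
    // The private key and the user's PIN/biometric data never leave the device.
    public static async Task<IBuffer> EnrollAsync(string accountId)
    {
        // False when Windows Hello cannot be used for this user on this device.
        if (!await KeyCredentialManager.IsSupportedAsync())
            return null;

        // Windows prompts for the user's Hello gesture (PIN, face, fingerprint).
        KeyCredentialRetrievalResult created =
            await KeyCredentialManager.RequestCreateAsync(
                accountId, KeyCredentialCreationOption.ReplaceExisting);
        if (created.Status != KeyCredentialStatus.Success)
            return null; // for example KeyCredentialStatus.UserCanceled

        return created.Credential.RetrievePublicKey();
    }

    // Sign-in: prove possession of the device-bound key by signing a
    // server-issued challenge. Only the signature is sent back.
    public static async Task<IBuffer> SignChallengeAsync(
        string accountId, string challengeBase64)
    {
        KeyCredentialRetrievalResult opened =
            await KeyCredentialManager.OpenAsync(accountId);
        if (opened.Status != KeyCredentialStatus.Success)
            return null; // NotFound: this account was never enrolled here

        IBuffer challenge =
            CryptographicBuffer.DecodeFromBase64String(challengeBase64);

        // The Hello gesture releases the key for this one signing operation.
        KeyCredentialOperationResult signed =
            await opened.Credential.RequestSignAsync(challenge);
        return signed.Status == KeyCredentialStatus.Success
            ? signed.Result
            : null;
    }
}
```

The server keeps only the registered public key and verifies each signature against a fresh challenge, so a breach of its database yields nothing that can be replayed from another device.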
The Windows Hello authenticator is simply called the Hello – a unique combination of an individual device and a specific user. At Windows 10 launch, there are three Hello types:
The choice of Hello you use will depend on the availability and precision of the specific hardware device you have at hand.
The first step towards getting any Windows Hello biometric gesture set up on a Windows 10 device, however, is to set up the security PIN. This can be found in System Settings and Sign-In Options. After a PIN is set up, you can configure Windows Hello to recognize you through an available biometric device, commonly facial or fingerprint recognition.
The security PIN you set up in Windows Hello is your gateway to setting up other Hellos, and, if you’re like me, you may often use the PIN to unlock your device. At this point, you may be wondering how a PIN is any different from just entering a password to authenticate yourself. Although the user’s action is similar, a PIN has several advantages over traditional passwords, namely:
So is Windows Hello the one-stop panacea for all your authentication woes? While it does have a lot of promise for sure, any first-generation technology has some pitfalls. Here are a few things to consider with Windows Hello:
Toss out your old user credentials – they are inherently difficult to manage and prone to misuse or hacks. Instead, trust Windows 10 to handle it all with authentication through Windows Hello. Backed by specific hardware devices and user biometrics, Windows Hello is uniquely positioned to replace traditional credential systems. Windows Hello also relieves developers of the responsibility of securely authenticating users in their apps or services, letting them instead trust a strong 2FA baked into Windows.
Like any new technology, Windows Hello may have rough edges and hardware demands, but the potential is immense.
Did you know you could leverage Windows Hello in your UWP apps? Yep, authenticate and authorize users with ease through biometrics – we’ll talk about it in the next article.