Windows Hello is a sophisticated facial scanning technology. It lets you quickly log in to your Windows PC without a passcode. You need a special webcam to make Windows Hello work, but with the right hardware, it’s fast and convenient. Does that mean you should use it? What are the pros and cons?
Also read: How to Know if Someone Else Is Logging in to Your Windows PC
What Makes Windows Hello Special
While many different facial unlocking systems exist, Windows Hello is one of the most sophisticated solutions.
Facial recognition security always runs the risk of being fooled. Enterprising hackers have used photographs and masks to get around more basic systems. However, Windows Hello uses “structured light” to build a 3D model of your face. Then compares that stored scan with the face currently in front of the camera. If they match, then the computer unlocks.
Windows Hello is More Than Facial Recognition
While most people think of Windows Hello as a face unlock system, it actually includes iris and fingerprint scans. In other words, all of the common biometric data types you can use with modern computers are governed by Windows Hello.
Windows Hello doesn’t actually store scans of your face, iris, or fingerprints anywhere on your computer. It also never sends that information over the internet, according to Microsoft.
How can it know whether your face is the right one if it doesn’t store a photo of it? This works because the Windows Hello software converts your biometric data using special mathematical operations into a digital graph. That graph can’t be reversed back into a photo of your face. However, applying that math to your face produces the same graph again. So if the graphs match, Windows Hello lets you in.
Windows Hello Has Been Hacked Before
There’s no such thing as a perfectly secure system. If you put in enough time, money, and effort you can crack anything in principle. It’s just that some security measures aren’t worth the amount of work you’d need to get past them.
Windows Hello is no different. Hackers have already demonstrated how it can be bypassed, but these hacks are complex and impractical. In 2021, hackers revealed a method using manipulation of a USB webcam. Microsoft has since plugged the vulnerability, but as with anything, more exploits will be discovered.
Biometric locks like Windows Hello feel very secure to us because of how sophisticated they are on the surface. So there’s a real danger of developing a false sense of security.
Also read: 5 of the Best Hardware Security Keys for Two-Factor Authentication
Windows Hello Requirements
To use Windows Hello, you need Windows 10 or Windows 11. However, you also require a special certified Windows Hello camera. These cameras can project and see infrared light. Then sophisticated hardware can translate the images into detailed 3D models of objects within view.
If you’re buying a laptop, Windows Hello compatibility should be listed under the webcam’s specifications. For some laptops, a Windows Hello camera is an optional extra. You’ll have to specify that you want one when you order the computer.
If you’re using a desktop computer (or a docked laptop) you can easily add Windows Hello functionality. Just add a certified camera such as the Dell UltraSharp HDR 4K, although these cameras command a stiff premium!
If you have everything you need to run Windows Hello, this is how you can activate the feature.
- Open the Start Menu and click on the “Settings” app cog.
- Click “Accounts” from the sidebar.
- Select “Sign-in options”.
- At the top, select “Facial recognition”.
- Now, tap on the “Set up” button and follow the Windows Hello setup wizard.
- The configuration wizard steps include things such as looking at the camera and entering a password or pin.
Also read: How to Set Up Two-Factor Authentication for Raspberry Pi
When Not to Use Windows Hello
It’s unlikely that regular users will be the target of the sort of hacking that has a shot at breaking Windows Hello. Still, there are a few reasons to avoid using this admittedly convenient Windows feature.
If you’re someone who has access to or is the custodian of truly sensitive information owned by entities such as the government, you’ll want to consider more secure ways of keeping your computer data safe. A much better solution would be something like a YubiKey. These keys can be kept separately from a computer in case it’s stolen.
With a hardware security key as a second factor, Windows Hello won’t work without it. So as long as you don’t leave the key plugged in when you aren’t actively using the computer, it’s the best of both worlds.
If you care about webcam privacy, then you’re likely to use a webcam privacy cover. Obviously, Windows Hello won’t work with a lens cap on. You’ll have to remove it every time you want to authenticate. This removes most of the convenience, so you’re better off using a passcode or fingerprint.
Windows Hello can be handy if you travel or are worried about your laptop being seized. This can be by customs officials, law enforcement, or anyone you don’t want to show your private data. It works well as a lock when you aren’t present, but all someone has to do is point the camera at your face and the computer will open. If you use a password instead, you can refuse to divulge it, but your face is an open book.
Also read: How to Permanently Disable Windows Defender
Who Should Use Windows Hello
Windows Hello is a great solution for people who work at a desk. Especially in areas where others could have access to their system. Think of workspaces such as open-plan offices or computer labs. It’s also a great convenience for personal computers that don’t have sensitive information stored openly once someone is past the login screen.
Whether you use Windows Hello or not, it’s always a good idea to practice good security habits. You should assume that if your laptop gets stolen, someone will break into it and secure your information accordingly.
For example, make sure that you have two-factor authentication for any critical online accounts. Store sensitive information in an encrypted folder on your computer that requires a separate password to open.
Improving Windows Hello Recognition
After you’ve set up Windows Hello facial recognition, it’s possible to make it both more accurate and secure with additional subsequent scans. By doing so, you make it less likely that it will unlock for the wrong face and more likely that it won’t fail to recognize you!
To improve Windows Hello recognition follow these steps:
- In “Settings”, go to “Facial recognition” like we showed you above.
- Click on “Improve Recognition”.
- Now select “Get Started”.
- Enter your PIN, and follow the instructions in the wizard.
- For the next step, look directly into the camera.
- Windows Hello should now be more secure and accurate. If you wear glasses, you may want to do this twice. Once with and once without the eyewear.
Also read: How to Enable Ransomware Protection in Windows
How To Disable Windows Hello
- Go to “Facial recognition (Windows Hello)” in “Settings” again.
- Choose “Remove”.
- If you’re not looking to permanently disable facial recognition in Windows, but just to pause it for a while, follow the steps above again and select “Set up” to bring the feature back.
Saying Goodbye to Hello?
We’re not suggesting that Windows Hello isn’t secure or that you shouldn’t use the feature. You should just be aware that biometric security has a few inherent downsides and that you shouldn’t put your full trust in them. Rather, use features like Windows Hello when the balance of risk and convenience is just right.
Image credit: Pixabay | All screenshots by Sydney Butler
Our latest tutorials delivered straight to your inbox