Windows Hello – Biometric Login

With the latest Windows 10 update you can now log in to your PC with biometrics, using either fingerprint or facial recognition. Why would you want to do this and what should you be concerned about?

First, to address any concerns about putting your fingerprint on a device: fingerprint scanners and login systems do not store an image of your fingerprint. What happens is a sensor reads the tiny bumps and valleys and computes a mathematical formula based on those bumps. The mathematical formula is called a “hash”. A hash is simply a big number computed for some object, such that no two objects will result in the same hash, and the hash function is one-way. What this means is that even if someone were to get ahold of the hash of your fingerprint, they cannot work backwards from that hash and construct your fingerprint. Lastly, the fingerprint hash is unique to the system you are logging into, so someone can’t grab your fingerprint hash from your PC and use it to log into your phone.

Why would you want to use biometrics? Because it offers convenience, because you don’t have to type a password to log in, and because no one can guess your password or brute-force it like they can with a password.

Which is better — fingerprint or facial recognition? The answer really depends on the facial recognition scanner. Some facial recognition systems have been fooled by using a picture of the person’s face. This is not good when you consider your picture is likely available to anyone via Facebook — which incidentally is one reason you should not make your profile picture a close-up of your face showing great detail and especially your eyes. This is also why you shouldn’t visit those sites that analyze your face and tell you which celebrity you most resemble — because it is bullshit and also because those sites are gathering facial scans. Face it, you don’t look like Brad Pitt and the site you let scan your face to tell you that is going to sell your face scan.

Fingerprint login has been fooled in some rare cases, but in general you can be assured someone isn’t going to be able to log in to your PC using a beer mug you touched, or a picture of your finger. However, as we see in plenty of video games and movies, if the information you are securing with your fingerprint is wanted that badly, all they have to do is cut your finger off to get access. Incidentally, this is another reason to not prefer facial recognition — you can live without a finger but not without a head.

You don’t have to buy a new PC to get biometric login with Windows 10. For under $20 you can buy a USB dongle that plugs in and you are up and running. Just make sure the fingerprint scanner you buy is designed for and compatible with Windows Hello.

If you want to go the facial recognition route, unfortunately your existing webcam has very little chance of being a Windows Hello compatible device. If you were going to buy a new one anyway, then I suppose this might be a good way to go.

Beyond simply logging in, you can look forward to Windows Hello being able to integrate with applications and sites in the near future. This is where the real benefits will kick in, when you can set Gmail, or your online banking, to require fingerprint login.

For extremely sensitive information or system access, you wouldn’t want to change from password to biometrics. Better would be to require both. This is called two-factor authentication, and is the best way of controlling access because in order to get in the individual needs something they have (the finger) as well as something they know (the password or PIN code).

Two-factor authentication is available on a lot of sites today, but it is not convenient because you have to put in a password, then check your phone for a text message with the code, and then enter that. With biometrics, two-factor authentication becomes a lot simpler and more convenient, and therefore people will adopt it.