The Windows 10 Review: The Old & New Face of Windows
by Brett Howse on August 25, 2015 8:00 AM EST- Posted in
- Operating Systems
- Microsoft
- Windows 10
Windows Hello and Passport
Welcome to the future. Windows 10 includes a new feature called Hello, which may change the way we log into our computers forever. Maybe that is a bit dramatic, but Windows Hello is a new framework which allows biometric logon to Windows, and it can include facial recognition, fingerprints, or even iris scanning technologies to authenticate you.
Now let’s take a step back. Windows has of course supported this in the past, and laptops have come with fingerprint readers for years. Much of that was through third party support, but you could easily set up Windows 8 to log in with a fingerprint. So this is not all new, but the new framework may be one of the biggest changes to come yet.
Windows Hello is meant to be a replacement for the traditional password logon. No one really likes passwords, but it is what we have, and therefore it is what we use. Maybe, just maybe, with Windows Hello we can start to move away from passwords. But, we are a long way from there yet. Let’s dig into Hello.
As I mentioned, laptops have come with fingerprint readers for years, and Windows 8 had native support for this (Windows 7 may have as well but I’ve not used a laptop with a reader on Windows 7) and you could pretty easily set it to log in. Windows Hello takes this to the next level with more options for login. At launch, there is support for fingerprints, iris scanning, or facial recognition.
In order to allow facial recognition but not easily be fooled by photos or other objects, Windows Hello requires an infrared camera. Right now, the only supported model is the Intel Real Sense 3D camera system, which was something that was shown off quite a bit at CES earlier in 2015. At the time, I wondered what the point of these 3D cameras were other than for some interesting demos, but clearly the companies were aware of this upcoming framework from Microsoft.
Microsoft has had some experience with this in the past. Kinect, which is an add-on for the Xbox, also allows facial recognition in order to log you in to it. I have to admit that my own experience with the Kinect for this function was so frustrating that I almost cheered the day they added the ability to automatically log into the Xbox One without the Kinect. So I was a bit skeptical about Windows Hello. One of the biggest issues I had on the Xbox One is that it would constantly think my eight year old son was me, and though people always say we look alike, I would think that the thirty extra years of age would make it somewhat obvious that we are not the same person.
I’ve been able to test out Windows Hello with the Intel Real Sense 3D camera dev kit, and I have to say the entire experience is almost perfect. It was incredibly easy to set up, and once configured, the entire process takes only around a second from the time it sees me to the time it logs me in. It seems much more accurate than Kinect, and part of that could easily be the distances it is used at versus the Kinect which often has to read my face from eight or ten feet away. But time after time, it quickly recognized me and logged me in, and once you experience it moving back to typing in a password is going to be a challenge.
I also tried to have it log in when my son was sitting in front of the PC, but he was not recognized, which is exactly how you want it to work. That's a pretty small sample size, but it's already better than Kinect was for me. The Australian had the resources to do a small test as well, but they were able to gather up six sets of idential twins. In none of the cases was the other twin able to unlock the device, so clearly there has been a lot of work to ensure that only the correct person unlocks the machine.
There are some extra security features too you can set up for Windows Hello. You can set it to not automatically unlock the screen if it sees you, which could be helpful in a corporate environment where you are near your computer but not at it, and you can also set it to have you turn your head from side to side before it will unlock, which should help with a more accurate unlock.
This is one of those features where once you first see and use it firsthand, it is almost a must have. I’m not sure if this will drive adoption of Windows 10 on its own, but I would certainly see it driving higher adoption for devices which include it versus those that do not. Hopefully we start to see this incorporated into desktop monitors as well.
Passport
Windows Hello is login, so what is Passport then? Passport is the next step. Windows Hello helps you log into your computer, and Passport is a service to help you log into everything else. This is another framework which can be leveraged in order to provide secure login to services without having to give them a password. There have been some pretty big cracks of online password databases in the last while, and any work to move to a new system which doesn’t require you to have a password at every location is something that will hopefully gain traction.
I think the most confusing aspect of Passport is its name. Passport was at one time the name of your Microsoft login, which was eventually named your Windows Live account, and now your Microsoft Account. It is also used in some other products like the Passport Authentication Protocol for WinHTTP. Confusing as it may be named, how it works is actually fairly simple.
Rather than authenticating with a username and password to a service or website, Passport will instead use a public/private key pair. The private key is stored in the machine and can be protected by the Trusted Platform Module (TPM) if it is present. Services or websites will get a copy of the public key. When a request to authenticate is made, the request is signed by the private key, which can then be opened by the public key.
But before all of this happens, Windows will prompt you to ensure you are in control of your device, using a PIN or Windows Hello. That way, if you leave your computer unlocked, people passing by can’t get access to your bank account using Passport.
None of this security technology is new, and that’s a good thing in the security world. Public/Private key pairs are what already powers all HTTPS traffic on the internet now.
The beauty of using a public key instead of a password is in the event the service is compromised. Attackers no longer gain access to a username and password which may or may not be the same one used by that person on many websites and services. Instead they get a public key, which can only be used to verify requests which come from the corresponding private key. Public keys are called that because they can and are made public for that single purpose.
Both of these technologies are a big step forward for the computer industry. We have already seen how much biometrics can help when looking at devices like the iPhone. For any inherent insecurity of using a fingerprint reader, the actual security is much higher than people using a four digit pin, or worse yet, nothing at all. Technologies like Windows Hello and Passport can be the solution to better security and ease of use. Hopefully both will gain traction with the ramp up of Windows 10.
Facebook
Twitter
RSS
293 Comments
View All Comments
Notmyusualid - Friday, August 28, 2015 - link
I run a Galaxy S5, Android has a fake Google account, using Cyangenmod as the fork OS, which comes with Privacy Guard by default. I can tell each and every app (as they pop up for permissions), that they cannot have access to say, my contacts, location, camera, photos, etc. Google Syncs nothing, everything turned off - I save my contacts to a file, and via microSD card they are transferred from phone to phone as I upgrade them.You really only need the Google account to access the Play Store, and yes, I do side-load some apps. Having no Samsung account, my Gear apps won't download, so I grab a working apk from a place I've known for some time. I have never ever made an app purchase on Android. Only once on Crapple some years ago (Shazam - now free also).
Every now and again, Android asks me to 'Review my Account', which is their way of trying to force me to add Paypal, or a Credit/Debit card to the account. No chance.
I change the Google account every two years too.
I don't use social media.
Text messages are not seen by apps, due to Pirvacy Guard.
Any more Q's?
Ratman6161 - Wednesday, August 26, 2015 - link
If none of your phones "send anything to the cloud" I'd like to see how you accomplish that. With either iOS or Android are you saying you don't use any apps at all? Or you side load every app you use (don't think iOS would let you do that anyway but not an Apple user).If you are getting any apps from the respective app store you have to be logging into them and providing them a credit card and other information to make the purchase.
Are you saying you either don't get email or have your own mail server so you can avoid the cloud? You never use any social media from your phone?
Use a navigation app? How do you do that without your location going to the cloud?
This is all kind of difficult to believe. For most, a smart phone would be next to useless without at least some cloud services such as email.
Or are you saying you don't use a smart phone and when you say "none of my phones" you mean old feature phones ... oh wait, even text messages could be considered sending your data to the cloud.
Notmyusualid - Friday, August 28, 2015 - link
Ratmann, see my answer above.groberts116 - Tuesday, August 25, 2015 - link
Troll Alert: More misinformation about Windows 10. A lot of wasted time writing a comment that is totally inaccurate. Windows 10 does not read your email or look for any applications for files other than to insure Microsoft Software on our systems has a valid product key.superflex - Tuesday, August 25, 2015 - link
Says the M$ sockpuppet.ppi - Tuesday, August 25, 2015 - link
Using link from RT.com completely discredits your argument, as it is site full of deliberate lies. Half-an-hour watching RT.com TV (when I was genuinely looking for alternative view on Ukraine crisis) was more than enough for me to understand this site is total rubbish.Obviously, if you save data on OneDrive, and court orders to give your data away, MS has to comply. If SWAT comes to your home, they will look in your computer as well.
And citing Technical Preview EULA is unfair. And incorrect.
sonny73n - Wednesday, August 26, 2015 - link
@ppiYour opinion worths trash. You should go back to watching Fox News which is more suited for your perspective.
ppi - Wednesday, August 26, 2015 - link
@sonny73n: You are making incorrect assumption, that I am basing my opinion on RT.com on what they say on Russia/Ukraine. No, I made that conclusion based on what they said on my country and my region, and which were blatant manipulative lies/disinformations. Also, RT.com spreads any fitting conspiracy theory available, no matter how crazy they are.I actually wonder what makes you believe RT.com is reliable source of information for anything else other than things like KHL results.
Michael Bay - Wednesday, August 26, 2015 - link
[muh offended stereotypes intensifies]Oh no, RT didn`t blame Russia for everything, alarm!
Notmyusualid - Tuesday, August 25, 2015 - link
Here, this picture might help you some more:http://i.imgur.com/p2DYhbd.jpg
Kinda spells out the whole privacy issue for me... so much so, I won't be upgrading my Win 7 Pro to Win 10 Pro.
My spare laptop received a free copy of Win 10, and I have a firewall on it, to prevent the Microsoft packet leaks.