The Windows 10 Review: The Old & New Face of Windows
by Brett Howse on August 25, 2015 8:00 AM EST- Posted in
- Operating Systems
- Microsoft
- Windows 10
Windows Hello and Passport
Welcome to the future. Windows 10 includes a new feature called Hello, which may change the way we log into our computers forever. Maybe that is a bit dramatic, but Windows Hello is a new framework which allows biometric logon to Windows, and it can include facial recognition, fingerprints, or even iris scanning technologies to authenticate you.
Now let’s take a step back. Windows has of course supported this in the past, and laptops have come with fingerprint readers for years. Much of that was through third party support, but you could easily set up Windows 8 to log in with a fingerprint. So this is not all new, but the new framework may be one of the biggest changes to come yet.
Windows Hello is meant to be a replacement for the traditional password logon. No one really likes passwords, but it is what we have, and therefore it is what we use. Maybe, just maybe, with Windows Hello we can start to move away from passwords. But, we are a long way from there yet. Let’s dig into Hello.
As I mentioned, laptops have come with fingerprint readers for years, and Windows 8 had native support for this (Windows 7 may have as well but I’ve not used a laptop with a reader on Windows 7) and you could pretty easily set it to log in. Windows Hello takes this to the next level with more options for login. At launch, there is support for fingerprints, iris scanning, or facial recognition.
In order to allow facial recognition but not easily be fooled by photos or other objects, Windows Hello requires an infrared camera. Right now, the only supported model is the Intel Real Sense 3D camera system, which was something that was shown off quite a bit at CES earlier in 2015. At the time, I wondered what the point of these 3D cameras were other than for some interesting demos, but clearly the companies were aware of this upcoming framework from Microsoft.
Microsoft has had some experience with this in the past. Kinect, which is an add-on for the Xbox, also allows facial recognition in order to log you in to it. I have to admit that my own experience with the Kinect for this function was so frustrating that I almost cheered the day they added the ability to automatically log into the Xbox One without the Kinect. So I was a bit skeptical about Windows Hello. One of the biggest issues I had on the Xbox One is that it would constantly think my eight year old son was me, and though people always say we look alike, I would think that the thirty extra years of age would make it somewhat obvious that we are not the same person.
I’ve been able to test out Windows Hello with the Intel Real Sense 3D camera dev kit, and I have to say the entire experience is almost perfect. It was incredibly easy to set up, and once configured, the entire process takes only around a second from the time it sees me to the time it logs me in. It seems much more accurate than Kinect, and part of that could easily be the distances it is used at versus the Kinect which often has to read my face from eight or ten feet away. But time after time, it quickly recognized me and logged me in, and once you experience it moving back to typing in a password is going to be a challenge.
I also tried to have it log in when my son was sitting in front of the PC, but he was not recognized, which is exactly how you want it to work. That's a pretty small sample size, but it's already better than Kinect was for me. The Australian had the resources to do a small test as well, but they were able to gather up six sets of idential twins. In none of the cases was the other twin able to unlock the device, so clearly there has been a lot of work to ensure that only the correct person unlocks the machine.
There are some extra security features too you can set up for Windows Hello. You can set it to not automatically unlock the screen if it sees you, which could be helpful in a corporate environment where you are near your computer but not at it, and you can also set it to have you turn your head from side to side before it will unlock, which should help with a more accurate unlock.
This is one of those features where once you first see and use it firsthand, it is almost a must have. I’m not sure if this will drive adoption of Windows 10 on its own, but I would certainly see it driving higher adoption for devices which include it versus those that do not. Hopefully we start to see this incorporated into desktop monitors as well.
Passport
Windows Hello is login, so what is Passport then? Passport is the next step. Windows Hello helps you log into your computer, and Passport is a service to help you log into everything else. This is another framework which can be leveraged in order to provide secure login to services without having to give them a password. There have been some pretty big cracks of online password databases in the last while, and any work to move to a new system which doesn’t require you to have a password at every location is something that will hopefully gain traction.
I think the most confusing aspect of Passport is its name. Passport was at one time the name of your Microsoft login, which was eventually named your Windows Live account, and now your Microsoft Account. It is also used in some other products like the Passport Authentication Protocol for WinHTTP. Confusing as it may be named, how it works is actually fairly simple.
Rather than authenticating with a username and password to a service or website, Passport will instead use a public/private key pair. The private key is stored in the machine and can be protected by the Trusted Platform Module (TPM) if it is present. Services or websites will get a copy of the public key. When a request to authenticate is made, the request is signed by the private key, which can then be opened by the public key.
But before all of this happens, Windows will prompt you to ensure you are in control of your device, using a PIN or Windows Hello. That way, if you leave your computer unlocked, people passing by can’t get access to your bank account using Passport.
None of this security technology is new, and that’s a good thing in the security world. Public/Private key pairs are what already powers all HTTPS traffic on the internet now.
The beauty of using a public key instead of a password is in the event the service is compromised. Attackers no longer gain access to a username and password which may or may not be the same one used by that person on many websites and services. Instead they get a public key, which can only be used to verify requests which come from the corresponding private key. Public keys are called that because they can and are made public for that single purpose.
Both of these technologies are a big step forward for the computer industry. We have already seen how much biometrics can help when looking at devices like the iPhone. For any inherent insecurity of using a fingerprint reader, the actual security is much higher than people using a four digit pin, or worse yet, nothing at all. Technologies like Windows Hello and Passport can be the solution to better security and ease of use. Hopefully both will gain traction with the ramp up of Windows 10.
Facebook
Twitter
RSS
293 Comments
View All Comments
zman58 - Thursday, October 15, 2015 - link
"worlds largest and most obnoxious spyware"We really don't know exactly what data it sends back on the user and their system(s) do we? The EULA does not detail this for us. In fact, the EULA has you agree to whatever they desire from your system--for improving the product. The spyware option is purely opt-out, for those of us who know what opt-out means and are capable of figuring out how to opt-out.
Then once you can/do opt-out, how can you be assured you will remain opted-out through upgrades, hot-fixes, patches, and what-not?
Bottom line is that the vendor decides what and when they want to collect data from your system, you have absolutely no control over them. Read the EULA and consider what it means before you click "I agree". You might not want to click that button...
Perhaps using an alternative reliable, safe, secure, and private operating system might be a better approach. ...Well hello there Linux.
bs grinder - Tuesday, December 26, 2017 - link
thanxjohn
ddriver - Wednesday, August 26, 2015 - link
"The privacy concerns are certainly not overblown, but for most people, they will make the trade-off of less privacy if it means an improved experience. The textbook example here is advertising, where in order to deliver relevant ads to the user"Ah yeas, I bet the whole world rejoices being able to give up their privacy to be blasted with ads. It is a great trade-off indeed.
"If you are concerned, the best thing to do is to read the privacy statement and adjust your settings accordingly."
I bet that's the best you can do, pretending that somehow clicking a button or two magically makes all problems go away
Also, I see a catch in those "privacy settings". You seem to only be able to turn off "sending MS info", but that doesn't imply that data is still not being mined and sent anywhere else.
imaheadcase - Wednesday, August 26, 2015 - link
You are aware these settings are present in almost almost win OS? The only privacy stuff they collect is related to MS services, onedrive, etc. Just because win 10 gave people options (gasp!) vs win 8 and 7 does not mean those did not, and still do have it.ddriver - Wednesday, August 26, 2015 - link
No they are not. Especially if you bother to watch what updates you install. For example, MS will try to sneak in the "telemetry" data miner service on your windows 7 as an update, but it is not there to begin with.I haven't used and will likely never use a windows version after 7, but in a "clean" windows 7 install none of the win 10 invasions of privacy are present. It doesn't keylog, it doesn't listen to speech, it doesn't analyze text or file content and it doesn't report everything you do back home.
Oh, and you can also chose not to install certain updates, whereas with the "nice free" windows 10 MS get to deploy on your system whatever it wants - all in the name of your comfort.
Michael Bay - Wednesday, August 26, 2015 - link
Your religious belief in 7 is amusing, at least.ddriver - Thursday, August 27, 2015 - link
If anyone around here is a believer, that is you, believing MS are trustworthy that is.Gigaplex - Friday, August 28, 2015 - link
If you don't trust MS, you shouldn't be using any version of Windows.althaz - Thursday, August 27, 2015 - link
FYI: Windows 7 collects telemetry by default. It was turned off by default in Vista and XP, but most OEMs turned it on for you. So Win 10 is collecting the same information as Windows XP, Vista and 7 (and 8), for most people.yuhong - Friday, August 28, 2015 - link
Does Win10 really "keylog" outside of search boxes and the like? search suggestions are not new either. There is no evidence that Win10 can read arbitrary files either.