The Windows 10 Review: The Old & New Face of Windows
by Brett Howse on August 25, 2015 8:00 AM EST- Posted in
- Operating Systems
- Microsoft
- Windows 10
Windows Hello and Passport
Welcome to the future. Windows 10 includes a new feature called Hello, which may change the way we log into our computers forever. Maybe that is a bit dramatic, but Windows Hello is a new framework which allows biometric logon to Windows, and it can include facial recognition, fingerprints, or even iris scanning technologies to authenticate you.
Now let’s take a step back. Windows has of course supported this in the past, and laptops have come with fingerprint readers for years. Much of that was through third party support, but you could easily set up Windows 8 to log in with a fingerprint. So this is not all new, but the new framework may be one of the biggest changes to come yet.
Windows Hello is meant to be a replacement for the traditional password logon. No one really likes passwords, but it is what we have, and therefore it is what we use. Maybe, just maybe, with Windows Hello we can start to move away from passwords. But, we are a long way from there yet. Let’s dig into Hello.
As I mentioned, laptops have come with fingerprint readers for years, and Windows 8 had native support for this (Windows 7 may have as well but I’ve not used a laptop with a reader on Windows 7) and you could pretty easily set it to log in. Windows Hello takes this to the next level with more options for login. At launch, there is support for fingerprints, iris scanning, or facial recognition.
In order to allow facial recognition but not easily be fooled by photos or other objects, Windows Hello requires an infrared camera. Right now, the only supported model is the Intel Real Sense 3D camera system, which was something that was shown off quite a bit at CES earlier in 2015. At the time, I wondered what the point of these 3D cameras were other than for some interesting demos, but clearly the companies were aware of this upcoming framework from Microsoft.
Microsoft has had some experience with this in the past. Kinect, which is an add-on for the Xbox, also allows facial recognition in order to log you in to it. I have to admit that my own experience with the Kinect for this function was so frustrating that I almost cheered the day they added the ability to automatically log into the Xbox One without the Kinect. So I was a bit skeptical about Windows Hello. One of the biggest issues I had on the Xbox One is that it would constantly think my eight year old son was me, and though people always say we look alike, I would think that the thirty extra years of age would make it somewhat obvious that we are not the same person.
I’ve been able to test out Windows Hello with the Intel Real Sense 3D camera dev kit, and I have to say the entire experience is almost perfect. It was incredibly easy to set up, and once configured, the entire process takes only around a second from the time it sees me to the time it logs me in. It seems much more accurate than Kinect, and part of that could easily be the distances it is used at versus the Kinect which often has to read my face from eight or ten feet away. But time after time, it quickly recognized me and logged me in, and once you experience it moving back to typing in a password is going to be a challenge.
I also tried to have it log in when my son was sitting in front of the PC, but he was not recognized, which is exactly how you want it to work. That's a pretty small sample size, but it's already better than Kinect was for me. The Australian had the resources to do a small test as well, but they were able to gather up six sets of idential twins. In none of the cases was the other twin able to unlock the device, so clearly there has been a lot of work to ensure that only the correct person unlocks the machine.
There are some extra security features too you can set up for Windows Hello. You can set it to not automatically unlock the screen if it sees you, which could be helpful in a corporate environment where you are near your computer but not at it, and you can also set it to have you turn your head from side to side before it will unlock, which should help with a more accurate unlock.
This is one of those features where once you first see and use it firsthand, it is almost a must have. I’m not sure if this will drive adoption of Windows 10 on its own, but I would certainly see it driving higher adoption for devices which include it versus those that do not. Hopefully we start to see this incorporated into desktop monitors as well.
Passport
Windows Hello is login, so what is Passport then? Passport is the next step. Windows Hello helps you log into your computer, and Passport is a service to help you log into everything else. This is another framework which can be leveraged in order to provide secure login to services without having to give them a password. There have been some pretty big cracks of online password databases in the last while, and any work to move to a new system which doesn’t require you to have a password at every location is something that will hopefully gain traction.
I think the most confusing aspect of Passport is its name. Passport was at one time the name of your Microsoft login, which was eventually named your Windows Live account, and now your Microsoft Account. It is also used in some other products like the Passport Authentication Protocol for WinHTTP. Confusing as it may be named, how it works is actually fairly simple.
Rather than authenticating with a username and password to a service or website, Passport will instead use a public/private key pair. The private key is stored in the machine and can be protected by the Trusted Platform Module (TPM) if it is present. Services or websites will get a copy of the public key. When a request to authenticate is made, the request is signed by the private key, which can then be opened by the public key.
But before all of this happens, Windows will prompt you to ensure you are in control of your device, using a PIN or Windows Hello. That way, if you leave your computer unlocked, people passing by can’t get access to your bank account using Passport.
None of this security technology is new, and that’s a good thing in the security world. Public/Private key pairs are what already powers all HTTPS traffic on the internet now.
The beauty of using a public key instead of a password is in the event the service is compromised. Attackers no longer gain access to a username and password which may or may not be the same one used by that person on many websites and services. Instead they get a public key, which can only be used to verify requests which come from the corresponding private key. Public keys are called that because they can and are made public for that single purpose.
Both of these technologies are a big step forward for the computer industry. We have already seen how much biometrics can help when looking at devices like the iPhone. For any inherent insecurity of using a fingerprint reader, the actual security is much higher than people using a four digit pin, or worse yet, nothing at all. Technologies like Windows Hello and Passport can be the solution to better security and ease of use. Hopefully both will gain traction with the ramp up of Windows 10.
Facebook
Twitter
RSS
293 Comments
View All Comments
inighthawki - Tuesday, August 25, 2015 - link
Lol this image is so full of crap. Not only can you turn most of it off permanently (And yes, you can disable WU and WD from the services list and it will not start back up) but this image is so misleading. They even photoshopped an ad in the start menu on a setting that doesn't even exist in the RTM build... Come on, that's low. Mos tof the other things such as "tracking keystrokes and browsing history" for wbe browsing exist in Windows 7 and 8. Wi-Fi sense has been known to be blown way out of proportion. Telemtry has also been proven to only provide non-personal information. It collects stuff such as hardware configurations, statistical information like how often you click the start button, and machine crashes. Does this seriously worry you that Microsoft knows that "someone in the world" owns a MacBook pro and clicked the start button 8 times today?You're really just buying into a bunch of fearmongering by a bunch of people who just wanted excuses to continue using Windows 7. If you don't like Windows 10 or don't want to use it, that's fine, but don't cite these ultra poor excuses as the reasons why, as it shows you didn't actually look much further than the surface, and just jumped on the bandwagon.
Notmyusualid - Tuesday, August 25, 2015 - link
Thank you for your (what I believe is an incorrect opinion), but I HAVE EVERYTHING TURNED OFF, and my firewall logs STILL show encrypted packets going out to Microsoft - EVERYTIME I hit a key, and everytime I open a program.So even if somebody starts with a Microsoft Account, their data would be synced to MS, before many would realise what had happened.
There is absoultely nothing you can say that would make me believe that MS deserves access to my contacts. Those are private.
And no, I did not jump on any bandwagon, I did my own testing, came to similar conslusion as the picture stated, and yes, I will be continuing to use Win 7, as I do not like it.
Only Enterprise Editions can disable all modes of telemetry...
inighthawki - Tuesday, August 25, 2015 - link
Oh OK, so you saw encrypted packets going out... So I guess you decrypted them and looked at the content, then? Sending information when certain types of hardware interrupts occur does not mean they are sending personal information or recording your keystrokes like a keylogger. You have no way of knowing what's in the packets, yet you make assumptions that it's a privacy issue. Yet another example of someone pretending they're fully informed because they open up Wireshark and see some packets being sent over the network and "came to a conclusion" about what was really happening.minijedimaster - Tuesday, August 25, 2015 - link
Are you paid to have some shill answer for everything windows 10? "Oh well, so you proved me wrong with your firewall packet captures, but do you REALLY know what it's sending???"LOL, yeah ok... go be a paid shill somewhere else.
inighthawki - Tuesday, August 25, 2015 - link
Sorry if I'm not irrational/paranoid and don't jump to conclusions based on evidence that doesn't actually show any of the claims you're making.Oh no, a network packet! My entire life must now belong to Microsoft's hands!
SlyNine - Tuesday, August 25, 2015 - link
I have to disagree. Your computer sending encrypted packets to Microsoft, even tho you supposedly disabled that stuff, is a HUGE red flag. At that point its up to Microsoft to convince me that they are NOT sending personal information (it shouldn't be sending any). I might have to pass on windows 10 until this gets clarification.imaheadcase - Wednesday, August 26, 2015 - link
Most modern windows OS send data to MS encrypted, almost all programs with internet connectivity do. The OP is prob just looking at the encrypted data it sends to check for windows updates. Has nothing to do with privacy.Holy hell did everyone just step on the jump to conclusions mat. lol
Notmyusualid - Friday, August 28, 2015 - link
It has everything to do with privacy.Every time I press a key, a packet is sent. This is not updates.
Notmyusualid - Friday, August 28, 2015 - link
It IS a Huge Red Flag.This guy is a Microsoft employee.
nikon133 - Sunday, August 30, 2015 - link
You sound like you might be working for competition, though. Apple? Some shady Linux brotherhood? Just saying.