Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 10's Biometric Security Layer Introduced

Posted by Soulskill on from the requires-multiple-bodily-fluids-for-authentication dept.

jones_supa writes: One of the major concepts of Windows 10 are new security ideas, and though Microsoft has touched on this topic before, it's only now giving us a more comprehensive look in the form of "Windows Hello." This is an authentication system that uses a variety of biometric signatures and combines hardware and software to allow for seamless and secure user recognition and sign-in. According to Microsoft, the ideal scenario here would be for you to simply look at or touch a new device running Windows 10 and to be immediately signed in. The software analyzes input from such hardware as fingerprint scanners and infrared sensors to make sure that you are you and not some impostor, and then signs you in without requiring you to enter a password. But the point of Windows Hello isn't only convenience, as the company's blog post notes, but also security. We've heard time and time again how insecure passwords are, and Microsoft is aiming to offer a widely-deployed replacement while still delivering enterprise grade security and privacy.

8 of 138 comments (clear)

  1. No thanks... by Anonymous Coward · · Score: 5, Insightful

    Considering I have heard tales of biometric scanners being bypassed by pressing a warm hot dog against them, I think I'll pass.

    I'm sure they've improved, but I don't know that they've improved enough. Plus, I'm not sure I'd want to be auto-logged in by just picking up the device.

    1. Re:No thanks... by gronofer · · Score: 4, Insightful

      I'd say you should also wear gloves everywhere in case your fingerprint is compromised. It's not like you can change it easily.

    2. Re:No thanks... by Bing+Tsher+E · · Score: 5, Insightful

      The deal with Windows 8 is, you get a 'Microsoft Account' that you use to log onto all your Windows 8 devices and computers. Microsoft has the password. You can't have a password on your machine that is local that Microsoft doesn't have. You can't change your password to anything you've used recently. All the usual 'LAN' password requirements, mandated, and your Windows machine won't work without them.

      So with Biometrics tied into this, you'll have your Microsoft Account, you'll have to use it to authenticate on Windows products, and you won't be able to become de-linked from it, ever. You'll not be able to be anonymous on any Windows computer or device ever again.

      Facebook and their 'Real Name' policy should be so lucky.

    3. Re:No thanks... by gl4ss · · Score: 4, Insightful

      The Microsoft account is optional. I don't use it. Please update your FUD accordingly.

      it is indeed optional. however, with windows 8.1 they made it less obvious that it is optional. basically, yo have to go to something that looks like a failure state before you can create a local account. fucking ridiculous.

      --
      world was created 5 seconds before this post as it is.
    4. Re:No thanks... by WaffleMonster · · Score: 5, Insightful

      I think only blind people miss that part and falsely believe you have to create a Microsoft account.
      No matter how "obscure" some idiot like GP claims it to be

      It is clearly intentionally deceptive. There is no excuse for this behavior from a corporation who expects people to trust them.

      it's still far better than what Google does, forcing users to create a Google account with no option for a local account on Android or Chrome OS.

      Better than what Microsoft does when you refuse to set an account on a Windows Phone device. At least I can still use an Android device and install software on it without having a Google account.

  2. Is it really more secure? by martok · · Score: 4, Insightful

    I've seen cases recently where people crossing the border from one nation to another have been asked to enter their phone or laptop password for inspection. They are at this point free to refuse to divulge this information though there may be the obvious consequences. Using biometrics, would it not be possible for an attacker to simply force one to provide biometrics to unlock a device? What about other attacks such as a spouse unlocking a device using his/her partner's fingerprint while (s)he is asleep? I would think this would open up new security holes for the ones it fixes.

    1. Re:Is it really more secure? by Anonymous Coward · · Score: 2, Insightful

      http://xkcd.com/538/

  3. enterprise grade security? ...right by l3v1 · · Score: 4, Insightful

    "delivering enterprise grade security and privacy"

    Somewhat offtopic: I'd so wish people would stop flinging this phrase around, like it would actually exist... That enterprise grade security has failed millions of people over the years, sometimes quite spectacularly. Adding a heuristic set of mixed-up unreliable biometrics won't change that, but it will make your life hell, when it fails (as it inevitably will). All that incorporated into an OS that likes to call home more often than an average person calls their Mom :)) So, good luck with all that :))

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.