On the occasion of the WinHEC conference held in China, Microsoft introduced a new bio metric authentication feature called Windows Hello. The ambition of the publisher is to use fingerprint recognition, iris or face as an alternative to password, thanks to Windows 10.
Bio metric authentication, this is not new, although because of its cost and complexity of its use is mostly remained confined to the company, even in areas requiring additional layer of security.
A “safer technology than traditional passwords”
But manufacturers of mass-market devices such as Apple with TouchID, made more accessible authentication systems. With Windows 10, Microsoft also intends to facilitate access to bio metrics .
How? In “using your face, iris or fingerprint to unlock your terminals … through safer technology than traditional passwords. “And this technology has a name: Windows Hello.
At first sight, this solution might appear to be a response to Apple TouchID. But Ed Bott of ZDNet.com , Microsoft has indeed greater ambitions for its platform. It specifies that Hello is based on a new API whose code name is “Passport” (already used in the past, ancestor of Windows Live ID, Microsoft became Account).
The principle of this authentication is apparently simple: building on a bio metric element when local authentication phase, that is to say on the terminal. Hello Windows will use the bio metric data and the associated apparatus as keys to unlock devices, applications, data and online services
The bio metric signature is securely stored locally on the device (possibly within the Trusted Platform Module ) and is never transmitted over the network. According to Microsoft, Windows Hello offer an “enterprise-level security” suitable for use by government agencies and actors in the defense sector, finance and health, and the regulated industries.
The publisher states that the API “Passport” will be consistent with the directory services using cloud Azure Active Directory and those meeting the specifications of the consortium FIDO (Fast Identification Online).
But if bio metric authentication provides theoretically strong security level, it can still sometimes be abused. However, Microsoft ensures that its solution will combine hardware and software to protect against spoofing techniques.
The sensors’ use infrared technology to identify your face or iris and so recognize you in varying lighting conditions, “says the editor, for example. Windows 10 will bring the software layer and rely on hardware solutions manufacturers such as RealSense 3D Camera System from Intel.
As early as October, Microsoft had introduced into the code for the pre-release of Windows 10 on “Next Generation Credentials” department . The idea is for a Windows user to “join” a terminal (PC, tablet, telephone) so that it becomes a factor of two-factor authentication.
To connect (a site, application, …), the user must have this physical device, combined with a PIN or a bio metric such as a fingerprint. The link with Windows Hello occurs here.