![]() Represents the instance a biometric identification solution verifies an unauthorized person. We've been working with the device manufacturers to help ensure a high-level of performance and protection is met by each sensor and device, based on these requirements:įalse Accept Rate (FAR). Has Microsoft set any device requirements for Windows Hello? These sensors will store biometric data on the fingerprint module instead of in the database file. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. Each database has a unique, randomly generated key that is encrypted to the system. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.Įach sensor on a device will have its own biometric database file where template data is stored. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. It doesn't roam and is never sent to external devices or servers. The biometric data used to support Windows Hello is stored on the local device only. Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.įor more info about the available Group Policies and MDM CSPs, see the Implement Windows Hello for Business in your organization topic. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge.Įmployees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. It helps to strengthen your protections against credential theft. Windows Hello provides many benefits, including: ![]() Why should I let my employees use Windows Hello? If multiple employees share a device, each employee will use his or her own biometric data on the device. Authentication doesn't roam among devices, isn't shared with a server, and can't easily be extracted from a device. The Windows Hello authenticator works to authenticate and allow employees onto your enterprise network. With Windows Hello, authentication happens when the employee provides his or her unique biometric identifier while accessing the device-specific Windows Hello credentials. Windows Hello lets your employees use fingerprint, facial recognition, or iris recognition as an alternative method to unlocking a device. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.īecause we realize your employees are going to want to use this new technology in your enterprise, we've been actively working with the device manufacturers to create strict design and performance recommendations that help to ensure that you can more confidently introduce Windows Hello biometrics into your organization. Customers who have already deployed these technologies will not experience any change in functionality. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. ![]() When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication.
0 Comments
Leave a Reply. |