Microsoft's Windows 10 operating system supports a whole array of biometric login and authentication options.
Instead of having to log in typing a username and password, Windows 10 users can use their fingerprint, face, or other biometric information to sign in.
Microsoft calls these biometric sign in options Windows Hello, and they are only available if the device's hardware supports them.
For instance, to sign in using facial recognition your device would need access to a (IR) camera, while a fingerprint reader would be needed to sign in using your fingerprint.
You need to do the following to configure Windows Hello functionality on a device:
Depending on your device's hardware capabilities, you may see none, one or multiple options to use biometric identification to authenticate on the device.
Please note that you can only enable Windows Hello if the device supports at least one option, and if the feature has not been disabled by a system administrator.
As far as what is happening in the background during the set up process: Windows creates a representation of the captured data, encrypts it, and stores it on the device. This data is not the photo of a user, the iris or the fingerprint, but data that is used to recognize it.
You can read more about Windows Hello and privacy on Microsoft's website.
Enhanced Anti-Spoofing is an optional security feature that is not enabled by default. Facial recognition on Windows 10 uses algorithms to determine if what's in front of the camera is a photograph or a real human being.
You may improve the detection by enabling enhanced anti-spoofing options provided that the device supports those.
You have two options to improve the security of the biometric sign-in process: using the Group Policy or the Windows Registry.
You may enable the security feature using the Group Policy Editor.Please note that the Group Policy Editor is only available on professional or Enterprise versions of Windows 10. If you get an error message launching it, skip to the Registry method below.
The following steps are required:
This enables the feature, and Windows will make use of it from that moment on provided that the device supports it. There is unfortunately no indication whether that is the case or not.
If you enable this policy setting, Windows will require all users on the device to use anti-spoofing for facial features, on devices which support it.
If you disable this policy setting, enhanced anti-spoofing is turned off for all users on the device and they will be unable to turn it on.
To turn the feature off again, repeat the steps outlined above but switch the status of the policy to disabled, or not configured.
The feature can be enabled using the Windows Registry as well.
This enables enhanced anti-spoofing using the Windows Registry. To undo the change, delete the key again or set its value to 0 instead of 1. (via Make Tech Easier)
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.