Introduction: Windows Hello for Business is an authentication technology that allows users to sign in to their Windows devices using biometric data, or a PIN, instead of a traditional password. It provides enhanced security through phish-resistant two-factor authentication, and built-in brute force protection.
Setting Up Windows Hello:
- Navigate to Settings > Accounts > Sign-in options.
- Setup a PIN
- Choose facial recognition and/or fingerprint to add biometric login.
- Follow on-screen instructions for setup, ensuring accurate scans.
Using Windows Hello:
- Use facial recognition, fingerprint, or PIN during login.
Addressing concerns about use of a PIN for Windows login
- Windows Hello has built in protections to stop brute force guessing of a PIN
Benefits:
- Security: Enhanced security with unique biometric data or PIN.
- The biometric data and PIN never leaves the device, and since attackers need both the device and the PIN, it serves as a form of two-factor authentication.
- Since no passwords are used, it circumvents phishing and brute force attacks. Most importantly, it prevents server breaches and replay attacks because the credentials are asymmetric and generated within isolated environments of TPM chips.
- Speed: Quick login with a glance, touch, or PIN entry. A much shorter (2-5 minutes) lock screen timeout period is far less of a workflow interruption when the screen can be unlocked in an instant.
Troubleshooting:
- Ensure good lighting and clean hardware for accurate scans.
- If issues persist, revert to password login.
- If you forget your PIN, an easy workflow to reset it is available on the lock screen by logging in with your Ithaca College email address and password.