Building biometric authentication into your Windows 10 app is easy with Windows Hello

Windows 10 and Windows 10 Mobile come with many new features, but none are as cool as Windows Hello. Windows Hello is Microsoft's catchphrase for biometric authentication including fingerprint, iris, and facial recognition systems. Many Lenovo products already ship with a fingerprint scanner, the Lumia 950 and Lumia 950 XL use iris scanners, and the Surface Pro 4 and Surface Book leverage facial recognition.

In a new blog post, Microsoft explains in detail to developers how they can implement Windows Hello directly into their apps. The feature can be used in a few different ways including handing off to Managed Service Account (MSA) for logging into a Microsoft Account or just unlocking a password protected app.

Windows Hello – What's the difference between an iris scanner and 3D facial recognition?

Three high profile apps – iHeartRadio, LastPass and Dropbox - already utilize Windows Hello and the above instances.

Windows Hello

In Windows 10, Windows Hello is used to login into the OS and make purchases through the Store for apps, games, and movies.

How to set up Windows Hello facial recognition in Windows 10

As Microsoft explains:

"When Windows Hello recognizes a user, it uniquely identifies and authenticates that user to access Windows on that device. What the user does not see is that Windows Hello releases a stored credential that is used as the second authentication factor by Microsoft Passport. But it isn't just for logging in to Windows. It also provides a secure way for your app to authenticate an individual user on a specific device."

For developers, Microsoft has made implement Windows Hello into their apps stress-free:

"The code for implementing this has been made as easy as possible to encourage adoption by the dev community. You don't need to have a deep understanding of encryption, biometrics, or Microsoft accounts; you don't even need to know all that much about security to use these features to create a more secure app."

The rest of the article goes into the coding behind Windows Hello and Microsoft Passport including an example on GitHub.

If you are a Windows developer looking to make an app using the Universal Windows Platform (UWP), then you should check out the article. Using two-factor and biometric authentication is the future, but it is here today so let's see those apps!

For consumers out there, let developers know about Windows Hello so that they can use it in their apps too.

Source: Building Apps for Windows blog

Daniel Rubino

Daniel Rubino is the Editor-in-chief of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft since 2007 when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, laptops, next-gen computing, and for some reason, watches. Before all this tech stuff, he worked on a Ph.D. in linguistics, watched people sleep (for medical purposes!), and ran the projectors at movie theaters because it was fun.

  • Daniel, can you look less excited in that picture, please?
  • Yeah buddy that smile is way too exaggerated!
  • Looks as he's been beaten by someone.
  • Lol.. Looks like he hasn't had a day off in years.
  • Why isn't there a descent web cam for desktop with windows hello?
  • The best answer is because nobody in the real world knows what Windows Hello is....
    And, manufactures know that nobody wants to see Daniels zits in HD... Lol.
  • Well, there's a bunch of notebooks that support it including surface so where is the desktop cam??
  • How much research have you done on cams? Are you sure you know all the options? If I'm not mistaken WC did an article on some available cams.... If not they need to.
  • I did some searching online. All I could find was the developer camera which was out of stock and oversized. The article WC did was on notebooks.
  • I watched the presentation at BUILD. Glad to see they have a sample project now. This is a great alternative that I hope many app developers adopt.  No credentials are sent over the wire, just the public key from the generated certificate. Public key = user+device.   Developers need to adjust there apps/services to have an array of keys for every user and their devices.
  • Something like this could've prevented that Target crisis, and others that followed.
  • It's awesome but still very beta. It keeps freezing when trying to unlock.
  • Works great. Did a project with >10 Surface pro 4 with Hello and iris scan. It works so well, we put it into production. Fast and 99% succesrate. What I also noticed is that it is also very cool with multiuser. Not only as authentication but also as identification. VERY cool.  
  • I have a feeling he may be talking about Windows Hello on the phones.
  • Still there is no way to protect your apps being used by others or to protect them from uninstalling.
    We want an app (it'd be better, if it is integrated) that could lock certain apps we use daily like WhatsApp, Facebook bcoz they aren't pasword protected like One Drive, Dropbox.
    Also anyone can uninstall the apps you have easily or he can download & remove them being unnoticed. How to protect our apps being uninstalled by others?
  • So what you are saying is that if someone installs your app from the store, the app should be able to not uninstall or make it really hard to do? Yeah, your app would be real popular. "We want an app..." Don't include me in what you want. I want to uninstall apps I don't want on my system. And what does forcing your app not to uninstall have to do with the topic of this article?  
  • So do i. But my comment is related to privacy. That we don't have.
  • Add a PIN lock and don't give your phone to "others". Sorted.
  • I read your comment as you are writing an app you don't want to be uninstalled. But as others have pointed out, put a pin/password on your phone/desktop/tablet then lock it. Or you can do what this article is about, set up Windows Hello if you have a 950 or Surface Pro 4. If you are letting people get access to your phone and you don't have a pin/password, then you only have yourself to blame. There is an entire infrastructure around keeping people from using your phone/computer. Use it before claiming that Microsoft is screwing you over.
  • @NaermGilani, what your basically looking for is the apps corner on the phone. If not then well, preventing users from uninstalling your app is simply not going to happen.
  • Kid's corner / Apps Corner for phone. Don't unlock your device and give it to someone.  That's like telling the OS that you don't care who is using the device. If you have a PC set up user accounts and security that have been there since WinXP. If you want to be handheld through every step of the process, there's an iPhone with your name on it somewhere.
  • or set up children's corner with only the apps that you are ok with others using, and only ever let others use your phone when it is in children's corner. that simple... Children's corner is so useful for so many things apart from just letting children use it. yet another feature that other operating systems haven't even thought about doing.  
  • I think what would work for your case ( one computer multi-user, I hope I'm understanding you correctly ) on a PC set up an account for each person along with an admin account. Each account would be able to have their own apps and passwords.   
  • It is certainly great feature for developers to consider but on windows mobile (with 950) I can say that the user experience is not consistant. Still a beta of course but big bug beta. Has anyone else abandoned using windows hello with their 950 due to too many failed unlock with the iris scan?
  • If I could use iris scan instead of one password for each website I log into, I would totally switch over, no complaints, even if it did not work 100% of time as expected.
  • It's up to web developers to add support for Microsoft Passport. I'd like to see Microsoft Passport working with OpenID so I could log into my windows phone with my gmail account and biometrics.
  • It's up to Microsoft to some extent actually. Us web developers need a web standard using Windows Hello in order for it to be implemented in web browsers for it to then be possible for us to use. MS Edge will eventually support FIDO 2.0 which opens up mass potential for Windows Hello on the web, but that's quite a long way away at the moment considering that the FIDO 2.0 specification is incomplete. :/
  • Since when does LastPass support Hello? A quote from the article Dan linked to:
    Finally, for now Windows Hello and facial recognition do not work with LastPass. We're hoping that Windows Passport and LastPass play together nicely when Microsoft's service begins to roll out in the future.
    So I ask again, since when does it support Hello? It simply supports fingerprint readers and has done so for years.
  • I really wish they would bring consumer windows hello capable webcams out.
  • Will this work on LUMIA ICON when ( and if ) Microsoft will push Windows 10 to it's own previous flagship phones ?!...
  • I doubt it... The only way it might work on older devices is with facial... I still doubt it..
    But, you're in luck because it'll probably (Most Definitely) work with the alleged Surface Phone.. So, wait with the rest of us smart people.
  • It won't, the older devices are missing the 3 cameras. Windows hello needs a realsense 3D camera that is more than a regular camera. It also has integrated an infrared camera, and a laser. Hence it's bigger, and not backwards compatible with existing plain camera devices.
  • Do u know that anyone can add biometric authentication if they find your PC open, without verification?
    It happened to me. My friend added his finger print on my laptop without me knowing. Win10 doesn't ask for verification when adding new or removing biometric auth...
  • You have to have a password/PIN to use Windows Hellow.  Windows 10 does in fact require you to enter your password/PIN when adding biometric authentication.
  • Then criminals will be pleased. Then criminals will be pleased. Whether face, iris, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keeping the near-zero false acceptance.  Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by password-only authentication We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security. In short, biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security. It may be interesting to have a quick look at a slide titled “Blind Spot in Our Mind & Eye-opening Experience” shown at    
  • This is very cool for the app Im working on, can't wait to get my hands dirty with Windows Hello!