Demo of unlocking Windows 10 with Windows Hello from Build 2015

Coloured contacts?

This is a fundmental flaw with biometrics.  You can't change your password. Overall, passwords are much more secure than biometrics in many real-world situations.  For instance, if the feds want access to your password protected system, if it is well encrypted they're SOL.  If all they need is your fingerprint, they can force you to swipe it. Passwords FTW.

Lol no passwords are not more secure. I am the only one with my eye. I am not the only one who can type a few characters in the correct order. There at programs designed to input many different passwords to figure out a password.
Also, I probably wont lose my eye or face or finger as much as I may forget a password. Each eye, finger and face is 100% unqiue while passwords are not. Thousands could use the same password as you do. The more common a password is the more likely a person will hack that account. You can try 123456789 as a password and unlock thousands of things but what you can't do easily is use someone's eye, face or fingerprint.

At the end of the day, isn't your eye translated into a series of characters in the correct order? If hackers get to whatever stores your iris information, then they get your iris information. Is that not scary to you? You can't just change your eyes. This won't be a problem now, but if using things that identify you, like fingerprints and iris scans, instead of things that you have, like passwords and cellphones, becomes common, then identity theft could suddenly take a whole new turn.

Wondering about this too. Biometric scan will be translated to data, likely a series of characters. If every device translate the reading differently, we have issue with multiple-device scenario. If even every service hash the data differently, theft only need to recreate the data string. In the end, it's just an elaborated automatically generated difficult password.

I do agree with this. But what a lot of people forget here is that a bioprints aren't enough with Windows Hello: it's a double identification process where you do need the right authorized device to log in.
So, in order to crack your biometrics, one will need to both steal your device *and* crack the encryption. Remember, your biometrics remain local, on your devices and aren't stored elsewhere. And like with Windows Phone, you may wipe your device clean as soon as you lose it.

Your right. That's how this thing's gonna work.

Exactly! The point is you don't need a password. Nobody has your face, eye and or fingers. Sure finger prints are more hackable, but it's way more secure. If they somehow get my eyes out of my eye sockets and steal my device, than I guess they can have it.

Unless they kidnap you...

Like Thurrott said.. If that happens then he has bigger problems than the security of his device.

still forcing password/pin number would be at least just as easy to get from you if you're kidnapped =)

You are forgetting that biometrics work in the same fashion as encryption, and that these alternative forms of authentication fail if your passcode has been breached. They use a scheme in which any form of alteration of your person could result in authentication failure.  Biometric systems are not infinitely accurate.  There are known ways to exploit finger and iris authentication systems, therefore they decrease security by adding more points of entry. In this case Biometrics are different from two step authentication, as they do not require the passcode to login.  Therefore Microsoft Hello does not improve redundancy but decreases security for people who have and maintain secure passwords. 

You completely igonored the previous post. *IF* your password was legally subpoenaed by law enforcement you can always say you forgot it and accept the consequencs. With biometrics, they'll simply physically force whatever body part you're using to unlock things. 

In the United States, a password is protected as a form of self incriminating information that one cannot at present be compelled to provide. Biometric information is not subject to this protection. You can be compelled to provide it. I think that the best security possible can be obtained using an MFA approach using a combination of passwords, smart cards or one time code soft keys or hardware keys and biometrics.

If law enforcement wants what is on your phone you have much bigger problems to begin with.  The average law-abiding citizen isn't worried about this.

I am an average, law abiding citizen and I am worried about this.

No, this would put you in the minority of folks that are worried about this. 

No.  This would put you on the fringe of people in the "I don't care about my privacy" group.  All else being equal, most people would prefer to be able to keep their private information private. In any event, my original point was that "passwords are much more secure than biometrics in many real-world situations" and this is just one example of such a situation. The simple fact of the matter is, there is no way, at present, that you can be forced to reveal your password.  You can be jailed, tortured, have your family's lives threatened, etc., but if you really, really want to keep it private, it can't yet be extracted directly from your brain.  Furthermore, if someone hacks your password, it is trivial to change it going forward.  Biometrics do not offer these elements of security. What they do offer is good-enough security in many cases, excellent security in some cases, and lots of convenience.  I am pro use of biometrics.  But let's not fool ourselves that they are the be-all and end-all of password-based encryption and that we should all just hop on the bandwagon. And let's certainly not assume that most people want to adopt a culture where the government has the right to pry into our every private moment.  I don't give a rat's ass if I'm innocent or guilty of anything.  I don't want the cops -- or anyone else -- on my private phone.  Period.  I think that's a completely "average" point of view.

The average person isn't concerned with law enforcement going through their phone. The average person acknowledges and accepts things like the patriot act and the NSA prying into our personal lives. We may not agree with it but when reality sets in and you remove your tinfoil hat you'll see, like the rest of us, nothing has changed and worrying about an officer forcing you to unlock your cellphone is not going to happen to more than 51% of the citizens of the USA.  I understand your point of view about privacy and so forth.  I understand the differences between biometric security and a strong always changing password.  I'm not disputing any of this.  All I'm saying is that most people are not concerned/paranoid about law enforcement officers accessing their phone. In fact, some states allow for people to carry digital insurance I'd cards on their cellphones.  When they get pulled over they confidently hand over their unlocked cellphone. I, like most Americans, haven't committed any crimes or keep any incriminating information on my cellphone. If a cop wants to call my grandfather or see how many steps I've  walked/run today that's all they're going to get. Maybe they can help me out with candy crush. This definitely isn't a fringe point of view. Go protest the patriot act if you're concerned with your personal information.  

Not sure what the Patriot Act has to do with anything.  And I'm pretty sure if the NSA wants into my phone, they will do it without breaking my password...they've probably already snuck a back-door into my firmware. But I just fundamentally disagree with you about what "most" people feel.  I am quite certain that, "all else being equal, most people would prefer to be able to keep their private information private." I'm not up at night worrying about it, and I don't think most other people are, either.  But if and when people do stop to think about it, this is something they want.  Apple knows this.  Google knows this.  It is why they are making their phones "uncrackable" even to governments.  It is considered a selling point and, once one does it, the other has to too so as not to lose ground. If you are okay with government having relatively free power to go through your private information, you are in the minority.

"I'm not up at night worrying about it, and I don't think most other people are, either."   it it took you a while but you eventually agreed with my initial comment. Thanks for playing.   Have a great weekend.

If that's how you interpret my response, I think some remedial reading comprehension sessions may be in order.

It's not an interpretation. Those are your words. Don't get mad at me and attempt to insult me because you planted your foot in your mouth.  My initial comment: "... The average law-abiding citizen isn't worried about this." Your comment: "I'm not up at night worrying about it, and I don't think most other people are, either." Can you comprehend that this dialogue is now over thanks to your childish and negative response?

No not being worried isn't the same thing as accepting it or being passive, "I'm not doing anything illegal" Posted via the Windows Central App for Android

Yes, it certainly can be. Something may not worry you and I for different reasons. Being passive or accepting the reality of our world, tech and security are just some of the many reasons.   For example, Your reason for not being worried may be because you haven't done anything illegal. My reason may be because I accept that security on mobile connected devices is a joke.   Our reasons don't have to be the same. My point was that the scenario initially described isn't something that worries most people. What that tipping point of worry actually is, depends on the individual. 

A system can use three caracteristics to identify you. Something you know, such as password. Something you have, such a token, or cell phone. Something you are or do, such an iris, finger print, speech. The biometrics does not compete with passwords, a system can work with both together.

This system does not implement two step authentication, so the "have"/"are" things only work against the password.  A two step system would actually make a difference in the enterprise!  Helps guarantee that only the owner of the account can login, even if the administrator knows the password.

If there to the point where they're forcing you to swipe, you'd probably just give them your password. Or they'll force you to. Also, what the heck do you have to hide? haha

So are you saying they can't force you to punch in your password? =) Your fingerprints however are fairly easily obtainable. But that's where the ultrasonic fingerprint scanner comes into play http://arstechnica.com/gadgets/2015/03/02/qualcomm-unveils-its-answer-to...

So much interested in changing, change it from left to right, use face and then use all 10 fingers one by one.. A lot of option.

Yes! I remember with iPhone brags about touchID.  Its cool sure finger prints as passwords secure- check!  And so I configured my wife's iphone6 with touchID as password.  At first my kids could not get pass it but oh boy, when my wife fell asleep what did my kids do?  He grabbed my wife's thumb onto the iPhone6 sensor and viola!  security bypassed.  Yep passwords are more secure like this 00*$%@x,fakUUU~`80493xXyYY.  This is why nuclear codes are still passwords.

Nuclear codes are a bad example. Remember that they did use 00000 for a significant portion of the cold war to prevent launch failures. Also British missiles could configured without any locking device for the same reason.

Maybe he thinks it's going to melt his brains.

How is a password a safer option than your biometrics?

Because it would probably be easier to clone me than guess my passwords. :p

You're wrong.

what happens when you lose your eyes in an accident? this is a horrible example and i am sorry...

They'll surely be a password backup.

If you lose your eyes in an accient then you'll be selling your computer on Craigslist. You won't need a computer. lol.

Hahaha I died laughing folks. This was like the MasterCard commercial. Computer $500. Get a phone with iris protection $800. Loose your eyes in am unfortunate accident, MasterCard cant help you with a free eye replacement.

but you'll need a computer to sell your computer on Craigslist.

Passwords can be changed, your fingerprint, retina, or face cannot. Biometrice can give a basic level of protection, I say for basic log in, store purchase. But for real security, password ermains safer.

Crooked cops can just hold your face over your Phone./ Tablet/ PC. Good luck with me telling them what my password is. I like this feature but the way things are going i'm sticking with my password.

If you watched the official Windows Hello introduction video you would know that they specifically optimised it so that the system could not be tricked by simply holding up a photo.

No, the cops are holding your face / head

how often is this happening to where this is an issue?

Why would the cops wants to barge into my phone? how will they force me to put my face? Unless I'm a huge criminal I don't think cops will want to barge into my phone and if I were I woulnd't be exposed to cops just like that.... the reasoning of poeple to opposed this feature is hilarious. I believe this is more secure than a password. The same way you make arguments against it we can make arguments against passwords. However, passwords arguments are mor eprobable. Someone mya leave their password typed in a sticky note, I'm not leaving my eye in desk... hahaha

Windows is not just made for the USA; there are many countries in the world where law enforcement and government agencies have not earned the trust of their citizens.

2 factor authentication is safer, something you have, iris scan and something you know, pin/password.

This makes me think of all those movies when the good guy or bad guy would kill the person and use their fingerprint or eye to open secure doors. I can already imagine the scenario if someone robbed me. "unlock your phone or I'll make you!"
*takes my phone and cuts off my thumb* The horror.

lol. Because what if someone steals my eyeballs, right?

I think the main reason I would consider NOT using this is he used it to buy Horrible Bosses 2....that makes this kind of technology just feel.....horrible!  

Unrelated,,, but the new Edge browser symbol looks like Joe's hair when Terry cut it in PhotoShop earlier.

Haha

You mean the logo?? Oh yes, it sux. The name's kinda meh but fine.

Supposed to be a joke, and you went seriousing it all up... Lol.

I already use fingerprint so yeah I'll end up using it most likely

I wonder if it will be possible to require both a biometric and a password, for those who really care about their privacy. And unrelated, one bad thing about using this is you won't be able to ask a family member to log in for you to do something if needed.

We can use both, but separated. If you asks someone to do something you just give your password. It's not like you only can sign in with your face/fingerprint.

Well I guess you could add more than one finger print. I.e Yours and your partner

Who you are and what you know :-)

It's so fast!

How is the name Hello going to work❗ Lawsuit❓
..........
Facebook has just launched it's, more popular, phone number screening app by the same name... Surely, something's gonna have to give in one direction, or another.

I think MS presented this first back in January.

I guess whoever has rights to it.. IDK..

Its not a problem because its called "Windows Hello".

You think that doesn't make it a problem... Lol. Probably makes it worse.

I know its not a problem and on the top of that they dont have similar functionality in the same scope of industry. Have you ever filed for a patent or trademark?

Remember when that flight (Sky) company sued MS because of SkyDrive? Different functionality, totally unrelated.

It was Sky the broadcaster. Who'd recently moved into trying to do ISP stuff. So they may well have wanted their online backup cloud thingy to be called SkyDrive. Basically, there was a tiny little bit of overlap. But the lawyers made themselves some money, so all's OK. I actually prefer OneDrive as a name now.

So, you're saying that SkyDrive, had a similar purpose, and functionality as that stupid European companies name?.. Lol. That doesn't even make any sense, and I doubt that's the only variable that makes these things end up in court.... I'm not sure you know a whole lot about how it works.. Not saying I do, but you don't either. Lol.

+820

This +crap has GOT to stop...man that is so dumb. You guys that write that, you actually look at those posts and say "yup! Nailed it with that comment!" Bloody hell man. On a related note, I like this direction with biometrics.

Dude, relax.... Who cares.
......
Don't loose sleep over it. CALM DOWN❗

+1520 ;)

Right..

+Lenovo A740 All In One with Windows 8.1 Pro (Now that is all Windows 10 - why canr we use desktop device names as +Device as well ;-)   Well if now we start using desktop device signature like that, that might just startirraitating these "device plussers" enought to stop this foolishness.

Now, that's a non issue..... Lol.

omg! okay okay i skipped explaining ALL of the technicalties i'll admit. I do apologize for the confusion. I would hope I know about it since I make a living off of doing it lol. The reason "Skydrive" didnt work for Microsoft, even with a completely different scope is because the word "Skydrive" is proprietary! "Hello" isn't. It's of common and general nature and usage. I hope that clears it up.

No, that doesn't clear anything at all up.. And, I think you're perception is that we're saying MS will most definitely have to change their Hello name... We all know that companies file litigation, or whatever it's called, on everything... Almost as if they are fishing to see what they can get.... Doesn't always work, but they do.. Nobody is right or wrong here. Just saying that we think there's a good chance someone will try.
.........
You're over here arguing politics.. Lol.

Wait so telling you something to admittedly dont know too much about becomes arguing politics? lol k

If I thought you knew what you were talking about then I might have to use some sorry copout like that, but no....
........
Just saying that we're arguing two different things... Why are you taking "arguing politics" as something negative anyways❓ Should I have said arguing specifics, or technicalities❓ Doesn't really matter either way....... We're saying someone might sue, and you disagree.... Ok

Facebook's app name is not hello its larger and complex name there

No, it's just simply Hello....
http://newsroom.fb.com/news/2015/04/introducing-hello/

Windows Annyong?

Honestly, why does MS always have to go with the cute sounding names, rather something cool❓

WINDOWS IRONCLAW WINDOWS DOOMSHADOW WINDOWS ALLCAPS

Exactly❗❗❗ You should work there.

:D WAIT, I MEAN >:(

Microsoft Bob?  

Nice ;)

They should've just called it "Windows Pertinent Bio Scanner System Verifier 10".
.........
That sounds cute.

Iris scan? Yep, count me in.

That's sick! Hell yeah

I hope it comes with next flagship phone ;)

"But the laser will burn your eyes out"
.........
WP fans.... Lol.

Fark yeah!! :D

Yes, I will use the heck out of this.

But what if my evil twin gets infront of my pc? :)   Seriously tho this is kinda awesome

Well in that case, you would have much bigger problems :Pm

Oh yes, I definitely want this.

Is this one of those you can just hold a picture in front of to unlock like the android one a while back?

 OEM systems with Intel RealSense 3D Camera (F200) will support facial authentication

Hopefully that's enough to beat that problem! 

Much different and yes, pics won't work.

Nope, They've shown this in the videos.  

They should have shown this during the keynote instead of boring people during the first hour!  The stuff they showed during the first hour could have been shown on Day 2 (like Dan mentioned).

Devs Stuffs on a Devs Conference, oh well how inconvenient. /s

I already have fingerprint readers on my desk and laptop, and all they do is unlock my account when booting up, any improvement is welcome considering this, and I would love to buy a decent camera that improves both video calls and security with face/iris unlock, what about Kinect? I mean if I have a windows pc as my "xbox" with a Kinect sensor will it work? they didn't say anything about that

Of course i'm going to use it. Can't wait for it on Surface Pro 4!
 

So this Windows Hello, is it downloadable content or built in? Cause it says optional..

No, it's optional in the same way that using Bluetooth on your phone is. You turn it on or off.

Is there a keynote of Windows 10 (PC, PHONES) in build 2015? When?

Hey BUILD is developers conference. So apps and codes will be there.
But hope for more windows10 features in keynote2 like interactive live tiles,lock screen,windows hello and split screen

Keynote 2, when is/was it?

It was on second day of builds but it happened all developers and nothing new about win10 features.

If it goes horribly wrong at least we can just shorten it to Windows Hell.

So, what if someone just comes up with a picture of you❓Like one of those heads on a popsicle stick things... Lol.

I will use this ALL the time. In fact the main reason why I haven't bought an Asus UX305, Dell XPS13 or HP Spectre x360 this month - although I have the money saved up - is precisely because I'm waiting for them to be released with these biometric cameras. I don't want to ever memorize a password again.

Mos def

Windows Hello is really cool. Hope it will also be on Windows Phone. I love to fingerprint unlocking.

Sounds interesting but I won't be using it, personally. Nor can I imagine this in the Enterprise sector - far more capable systems exist. Good on msft for bringing it to a broad consumer base but biometrics can still be defeated, buggy and prone to spoofing. But then if someone gets close to physical access of your device they can just jack the ssd and breach at their leisure. For all other authentication just use a password (15 characters plus) and/or two factor authentication - ie bio and password or whatever. Cheaper devices won't have the level of encryption needed to defeat a concerted hack so I don't know or want to say how much of this is just for the hype.

MSFT needs this to stay relevant.  I think they are REALLY late in the game with this addition to the Windows universe.  I just hope it is a better/more secure implementation than competitors'.

This makes me happy. The company that made the fingerprint software on my PC went poof and it barely works anymore.

Why passwords will not go away? Consider you want to share an account with others. Such as a Skype account for the family where anyone can login, in the living room for example. Or a business account like seller dashboard where several people go in to publish apps. You got to have a password you can share. You can't share your face.

Would definitely give this a try

so the next flagship will have all these features (from hardware point of view) .. Just awesome. please dont make us wait too long. though.

So, eye ball laser scanner in the next flagship Lumia? (LOL, I love the line about Microsoft partnering with hardware OEMs to make it happen.....as if, on the phone side, they're not the majority OEM by, what,  95% of sales?   So, it's kinda of up to them to also put in the hardware in devices.  Surface line too.)

I think I might use this. Will buy an external fingerprint scanner for this (maybe). 

Most of you make zero sense. Your logic is flawed to think that you password is more secure then a biometic passkey which is not the same as a password. Plus none of you are so important that someone would waste the resource to do so.

Yea I'd use it. Dunno if my Lumia 521 will be supported but i love that stuff

I'd like to see the MSFT developer take a high resolution photo of his face and place it in fromt of the camera....that said, I'll use this if the authentication can be setup for two-steps (fingerprint and facial recognition.)

Sounds like it could be very successful. NR

i'm so totally using it