What is Windows Hello? The biometric security system explained

One of the first features that greets you when you open up your PC or laptop is Windows Hello. But, what is it?

Read on to discover everything you need to know, including what it is, how it works, what it does with your data and how secure the Windows security system really is. 

What is Windows Hello? 

Windows Hello is Microsoft’s login system for Windows 10 and Windows 11 computers. It supports biometric authentication methods – like facial recognition, iris scans and fingerprints – which help to ensure that not just anyone can get into your laptop. 

These methods are faster, easier and generally understood to be more secure than entering a typical password.

As well as a face or fingerprint, Windows Hello asks users to set up a PIN. Unlike a Microsoft account password, this PIN is only associated with one device, meaning you shouldn’t need to worry about your account being exposed if someone manages to unlock your PC.

Of course, which Windows Hello login options you see will depend on your device’s hardware. If your PC or laptop has a fingerprint reader, you can use your fingerprint to unlock your device, whereas you’ll need an infrared camera to set up facial recognition. 

Is Windows Hello secure? 

According to Microsoft, Windows Hello works by taking the data recording from the camera, iris sensor or fingerprint reader and creating a graph that is encrypted and stored on that device.

On its support page, the company says it does not store pictures of its users’ faces, irises or fingerprints on-device or anywhere else, and states that no information that could identify these features leaves the device.

Microsoft does collect diagnostic data about how people use Windows Hello, but users can choose to opt out of this if they’re not interested. 

While all of this sounds well and good, security researchers have managed to trick Windows Hello in the past, exposing flaws in the security. 

In 2021, CyberArk Labs managed to manipulate the authentication process by capturing photos of a PC owner’s face and plugging in a custom-made USB device to pass them on to the authenticator, gaining access to the device.

CyberArk noted that there was no evidence this weakness had been taken advantage of at the time of discovery, but it goes to show that even biometric methods can be fooled. 

That said, it isn’t as simple as holding up a photo of your face to the camera and, for many users, it seems more likely that someone will be able to guess your password than go through the effort of staging a sophisticated attack on your PC. 

However, it’s definitely good to be aware of all the risks when choosing how to best protect your devices. Windows Hello is also completely optional, so you don’t need to use biometric methods if you’re not comfortable with Microsoft processing your data in this way.