Windows Hello for Business: Eliminating Passwords with Authentication for Windows Stores

Windows Hello for Business: Eliminating Passwords with Authentication for Windows Stores

Microsoft is trying to get rid of that sticky note that you‍ see taped to everyone’s office‌ monitor. You ​know, the​ one with the password on it. The one with ⁤all of the old passwords crossed off one by one, each one subtly different from the last — an exclamation point turning into an ampersand, a one into a two.

Enterprises have really done this to themselves. The passwords that most organizations require — which have to be complex, with long strings of⁤ numbers and specially cased phrases with some (but not all! heavens no, not the one⁣ you want) symbols — are difficult to remember. There’s no hope except to‍ write them down. Then you have to reset them every so often. Then ‍they ​get recycled. And on and on the ‌cycle goes.

Luckily for Windows shops, ‍Microsoft has introduced an enterprise-quality method of using biometric identification and authentication without requiring the purchase of high-end hardware —⁢ and it is baked right ⁣into Windows 10 and 11.

In this piece, I want to take a look at this ⁣innovation, called Windows Hello for Business (WHFB), explain how it works, and show ⁣how to enable it to secure ⁤your ⁣enterprise‌ while eliminating the need for your users to handle cumbersome passwords.

How Windows Hello for Business works

Windows Hello is the ‌most‌ common and⁣ most widely known of⁣ the biometric authentication ⁢schemes that Windows supports. It⁤ lets Windows 10 and⁣ 11 users‌ who have devices with fingerprint readers or special ​cameras‍ log into Windows via fingerprint or ​facial​ recognition. The consumer version⁢ of Windows Hello is a device-specific​ mechanism and doesn’t transport between a user’s devices, so they will need to make a PIN or gesture on each device​ they want to use.

Windows Hello for​ Business takes ⁢the Hello idea and bundles it with management‌ tools and ⁢enforcement techniques to ensure​ a uniform security profile and enterprise security posture. WHFB‍ uses Group Policy or ⁢mobile device management (MDM) policies, usually enforced with Microsoft Intune, ‌for management and enforcement, and leverages ⁤key- and certificate-based authentication ⁣in most cloud-focused scenarios for maximum protection. The PINs and gestures created‌ by users work across⁤ devices in the WFHB model.

Windows⁤ Hello acts on one of two fronts: It can scan one’s fingerprint, or it can take an infrared picture of a user’s face and ⁤perform analysis⁣ on it. (Hello ⁢also supports iris scanning, but since iris cameras are better suited to phones than to laptops or desktop ‍displays, the former two methods are more practical for the enterprise.)

It pairs these unique physical attributes of each user with cryptographic keys that replace passwords as authentication ​methods. These keys are stored within specialized security hardware, or are encrypted in software, ⁤and unlocked only after Windows deems them authentic. For organizations uninterested in biometrics, Windows Hello also supports PIN usage to replace passwords‍ transmitted…

2023-11-10 ⁤02:41:03
Post⁢ from www.computerworld.com rnrn

Exit mobile version