cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Login Options for Windows Hello

Deleted
Not applicable

‎Jun 21 2017 08:08 AM - last edited on ‎Jun 21 2017 08:25 AM by

‎Jun 21 2017 08:08 AM - last edited on ‎Jun 21 2017 08:25 AM by

Login Options for Windows Hello

Hi, will we see a login option where you will both Windows Hello and a PIN or Password for login?

 

6,059 Views
1 Like
9 Replies
Reply
9 Replies

‎Jun 21 2017 08:09 AM

‎Jun 21 2017 08:09 AM

Re: Welcome to the Windows 10 security AMA!

*use

1 Like
Reply
Mike Stephens

‎Jun 21 2017 08:16 AM

‎Jun 21 2017 08:16 AM

Re: Welcome to the Windows 10 security AMA!

Yes, once you deploy Windows Hello for Business, the user will see additional login credential provides such as PIN, fingerprint, and/or Facial recognition depending on the hardware and if the user enrolled biometrics.

Mike

1 Like
Reply

‎Jun 21 2017 08:18 AM

‎Jun 21 2017 08:18 AM

Re: Welcome to the Windows 10 security AMA!

Yes of course, let me clearify:

When will we be able to demand, for instance, both Facial recognition AND a PIN/Password to login?

1 Like
Reply
Mike Stephens

‎Jun 21 2017 08:23 AM

‎Jun 21 2017 08:23 AM

Re: Welcome to the Windows 10 security AMA!

Great question. Windows Hello for Business currently is two factor authentication-- something you have ( a private key protected by the TPM) and, something you have (PIN) or something part of you (Bio).  We are investigating multi-factor authentication (all three factors), but no time line has been established. 

 

What would be interesting to know is what business requirement does three factors authentication satisfy in your organization that two factors do not?

 

Mike

 

1 Like
Reply

‎Jun 21 2017 08:25 AM

‎Jun 21 2017 08:25 AM

Re: Welcome to the Windows 10 security AMA!

Well its partly due to travels and for instance customs. Alot of countries got different rules on this subject, so having just facial recognition might not be the best idea.

1 Like
Reply
Todd Godchaux

‎Jun 21 2017 08:51 AM

‎Jun 21 2017 08:51 AM

Re: Welcome to the Windows 10 security AMA!

I'm assuming there'll be controls on each MFA method? For instance in a secure area we don't want camera's turning on but still would like to use WHFB.
2 Likes
Reply
Stephen Hogan

‎Jun 21 2017 08:54 AM

‎Jun 21 2017 08:54 AM

Re: Welcome to the Windows 10 security AMA!

Remotely accessing another system - say an RDP session to a node on a customer site.

 

The third-factor could be session based, as in it;s only needed for the task the user is running it for,

1 Like
Reply
Mike Stephens

‎Jun 21 2017 08:59 AM

‎Jun 21 2017 08:59 AM

Re: Welcome to the Windows 10 security AMA!

There is a Group Policy setting to enable/disable biometrics in conjunction with Windows Hello for Business. - Mike
1 Like
Reply
Mike Stephens

‎Jun 21 2017 09:03 AM

‎Jun 21 2017 09:03 AM

Re: Welcome to the Windows 10 security AMA!

Windows Hello for Business has a smart card emulation that enables you to use it with RDP smart card redirection. That scenario should work today. You cannot enroll Windows Hello for Business on a remote computer because you do not actually possess the "the something you have" Authentication factors are well defined-- something you have, something you know, or something part of you. A session token is something you have, which would duplicate the protected private key. We need to use a factor from a different category. - Mike
1 Like
Reply