Microsoft defends Windows Hello security despite flaws being found

Microsoft has been forced to defend its Windows Hello software following the publication of a worrying security vulnerability that allows people to trick your webcam into unlocking your Windows 10 PC using little more than a printed photo.

As we reported when the news broke last week, PCs that run versions of Windows 10 older than the recently released Fall Creators Update, and that use Windows Hello to unlock the machine with a webcam, can be easily caught out by a simple laser-printed photo taken with a near-IR (infrared) camera.

Since then, Microsoft appears to have gone on the defensive, and has published a blog post that extols the virtues of using Windows Hello, rather than a password, to unlock your PC.

Hello, is it me you’re looking for?

Microsoft’s blog post quotes Bret Arsenault, Microsoft’s corporate vice president and chief information security officer, as saying “[the password] model needs a makeover. Securing devices is important, but it’s not enough. We should also be focused on securing individuals. We can enhance your experience and security by letting you become the password.”

The blog post also goes into detail about the technology used by Windows Hello, with Rob Lefferts, director of program management for Windows Enterprise and Security, explaining that “It’s actually building a 3D map of your face. It has depth and characteristics, and we use multi-spectrum analysis so we’re getting multiple images of your face from different perspectives.”

If this isn’t enough to convince you that Windows Hello is secure, remember that the security issue from last week involved older versions of Windows 10, so if your operating system is updated, and Windows Hello properly set up, your device should be more secure.

It’s also worth reading the whole blog, as it goes into a lot of depth about the security technology behind Windows 10.

However, Microsoft needs to do a lot more to ensure that embarrassing security lapses don’t happen again, especially as it claims that around 70% of Windows 10 users with biometric-enabled features (such as fingerprint readers or specialised webcams) use Windows Hello rather than normal passwords.

With that number of people relying on Windows Hello to secure their devices, it is imperative that Microsoft makes the technology as secure as possible – and no amount of defensive blog posts will make up for that.

Matt Hanson
Managing Editor, Core Tech
