All articles tagged with #windows hello
Microsoft has disabled the facial recognition feature of Windows Hello in dark rooms following a security vulnerability fix, requiring visible light for face detection, which impacts users' ability to unlock their devices in low-light conditions.
Microsoft has updated Windows Hello to require visible face detection via webcams, disabling its ability to work in the dark with IR sensors alone, due to a security vulnerability, which users can workaround by disabling their webcams, but this reduces functionality for video calls.
Microsoft's Recall scraper, which has faced delays due to security concerns, is now in public preview. The feature is opt-in, requires re-authentication with Windows Hello, and includes enhanced encryption and data masking. It can be uninstalled if desired. Initially, Microsoft planned to release Recall without the usual Windows Insider testing, raising security concerns. However, the company is now prioritizing security, with CEO Satya Nadella emphasizing the importance of secure launches over quick ones.
Windows Hello can be used to secure Chrome passwords on Windows PCs by requiring a PIN or biometric authentication before filling in login forms. To enable this feature, users need to verify that Windows Hello is set up on their PC, head to Chrome's settings, and turn on Windows Hello protection in Google Password Manager settings. While using Chrome's built-in password manager can be convenient, it's recommended to consider using an independent password manager for added security, and to also utilize antivirus software and strong authentication methods to safeguard against potential threats.
Security researchers have discovered vulnerabilities in the top three fingerprint sensors used in Dell, Lenovo, and Microsoft laptops, allowing them to bypass Windows Hello's fingerprint authentication. The researchers were able to build a USB device capable of deploying a man-in-the-middle attack, granting unauthorized access to stolen or unattended devices. The vulnerabilities were found in Goodix, Synaptics, and ELAN fingerprint sensors. Microsoft's SDCP protection was not enabled, making the bypass possible. Users are advised to enable SDCP protection as a precautionary measure.
Researchers have discovered vulnerabilities in Windows Hello's fingerprint authentication system that allow attackers to bypass the security feature on certain laptops. The vulnerabilities were found in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro 8/X devices. The attacks involve manipulating the communication between the sensor chip and the operating system, allowing attackers to log in as a different user. The researchers recommend device makers to address these design flaws and for users to check for updates or firmware fixes.
Security researchers have discovered vulnerabilities in the embedded fingerprint sensors of Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops, allowing them to bypass Windows Hello fingerprint authentication. The researchers successfully exploited security flaws in the fingerprint sensors made by ELAN, Synaptics, and Goodix, using man-in-the-middle attacks and custom Linux-powered devices. Despite Microsoft's Secure Device Connection Protocol (SDCP), which was designed to protect the communication between the fingerprint device and the host, the researchers found that SDCP was not enabled on two out of three of the targeted laptops. They recommend that vendors enable SDCP to enhance the security of biometric authentication solutions.
Researchers have discovered vulnerabilities in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops, which could allow attackers to bypass Windows Hello authentication. The flaws were found in the fingerprint sensors from Goodix, Synaptics, and ELAN, all of which are "match on chip" (MoC) sensors. The vulnerabilities include sensor spoofing, cleartext transmission of security identifiers, and the lack of support for the Secure Device Connection Protocol (SDCP). To mitigate these attacks, it is recommended that OEMs enable SDCP and have the fingerprint sensor implementation audited by independent experts.
Security researchers at Blackwing Intelligence have discovered vulnerabilities in the fingerprint sensors of laptops from Dell, Lenovo, and Microsoft, which are commonly used for Windows Hello fingerprint authentication. The researchers found flaws in popular fingerprint sensors from Goodix, Synaptics, and ELAN, allowing them to bypass Windows Hello protection. The vulnerabilities involved cryptographic implementation flaws and the decoding and reimplementing of proprietary protocols. This is not the first time Windows Hello biometrics-based authentication has been defeated, and it remains unclear if Microsoft will be able to fix these latest flaws alone. Blackwing Intelligence recommends enabling Secure Device Connection Protocol (SDCP) and auditing fingerprint sensor implementations.
Windows 11 now allows users to create passkeys for signing in to apps and services, including Google accounts, without using a password. This feature, integrated with Windows Hello, provides a more secure and convenient way to access accounts and makes it harder for malicious individuals to steal credentials. Users can generate and save a passkey for their Google account through the Chrome or Edge browser, and can delete the passkey from Windows 11 settings if needed.
Microsoft is enhancing Windows 11's support for passkeys, a new standard aimed at replacing passwords for secure and convenient logins. The recent Insider Preview Build allows users to create and sign in to supported applications and websites using passkeys, which can be authenticated through a PIN, fingerprint, or face scan via Windows Hello. While Microsoft's Edge browser has supported passkeys for years, integrating it with Windows Hello simplifies credential management at the operating system level. Apple and Google have also added passkey support to their respective platforms, signaling a growing adoption of passwordless authentication.