Microsoft's Windows Hello will make your face, finger or iris the new sign-in

With biometric authentication for Windows 10 devices, the world's largest software maker hopes to make it harder for hackers to scoop up your data.

Nick Statt Former Staff Reporter / News
Nick Statt was a staff reporter for CNET News covering Microsoft, gaming, and technology you sometimes wear. He previously wrote for ReadWrite, was a news associate at the social-news app Flipboard, and his work has appeared in Popular Science and Newsweek. When not complaining about Bay Area bagel quality, he can be found spending a questionable amount of time contemplating his relationship with video games.
Nick Statt
3 min read

Windows Hello promises to protect users with three varieties of security, from your fingerprint to your face to the iris of your eye. Screenshot by Nick Statt/CNET

Microsoft is the latest tech company to turn our bodies into passwords.

With Windows Hello, announced Tuesday, users of the upcoming Windows 10 operating system will be able to sign in to their devices using their fingerprint, their face or even the iris of their eye. Microsoft is expected to release Windows 10 later this year.

"You -- uniquely you -- plus your device are the keys to your Windows experience, apps, data and even websites and services, not a random assortment of letters and numbers that are easily forgotten, hacked or written down and pinned to a bulletin board," Joe Belfiore, Microsoft's corporate VP of operating systems, wrote in a blog post.

As Belfiore points out, we live in an age of constant cyberthreat. Hacking has become a full-time job, with professional cybercriminals breaching the computer systems of companies, financial institutions and even government agencies. Yet despite these nearly continual cyberattacks, consumers still rely on passwords to unlock everything from their bank accounts to their email.

It doesn't help that many people reuse passwords across multiple websites, since hackers who have scooped up passwords from vulnerable sites now have the keys to more-secure sites. And the problem keeps growing as criminals collect large swaths of personal data from across the Internet. Just last August, Russian hackers breached hundreds of thousands of websites to nab 1.2 billion usernames and passwords.

Biometric authentication, which confirms who people are by using their unique physical characteristics, promises to put up an additional wall of security between devices and malicious third parties. Though a fingerprint will always be more secure than "Password1234," people sometimes worry whether hackers can find a way to access their biometrics. Belfiore says not to worry.

"We understand how critical it is to protect your biometric data from theft, and for this reason your 'biometric signature' is secured locally on the device and shared with no one but you," he wrote. Windows Hello also comes with "enterprise-grade" security, meaning Microsoft wants it to work across businesses in all industries.

"It's a solution that government, defense, financial, health care and other related organizations will use to enhance their overall security, with a simple experience designed to delight," Belfiore added.

Windows Hello won't roll out all at once. Though the new tech will be compatible with current devices that read fingerprints, relatively few smartphones, tablets or PCs have the infrared technology to register Windows Hello's facial or iris detection.

For that, Microsoft is turning to chipmaker Intel and its new RealSense 3D camera. Announced last year and so far built in to a select number of gadgets, RealSense is a depth-sensing technology that uses infrared cameras to track the location and position of objects in space. Windows Hello will tap into that tech to scan a person's face or iris and unlock their device.

Microsoft rounded out its security announcements Tuesday by introducing its Passport feature for signing in to third-party websites, services and apps without a password. Used currently across Windows online accounts, Passport will be expanded to participating companies that opt in. Passport will ask people to authenticate a device once with Windows Hello or a PIN code and then allow them to access any participating third-party product.

"There is no shared password stored on [Microsoft's] servers for a hacker to potentially compromise," Belfiore said.

Microsoft has also joined the FIDO alliance, an industry consortium founded in February 2013 to address the lack of interoperability of authentication processes across the Web.