Ever heard of Windows Hello? Whether it sounds like a brand-new (or let’s be honest, kind of made-up) product or it’s something your business is already using, Microsoft is making important changes to Windows Hello. Businesses should be aware of these changes, and many should consider adopting Windows Hello for increased security and smoother day-to-day operations.
Here’s what to know.
What Is Windows Hello?
Before we get into what’s new, here’s an introduction (or a refresher). Windows Hello is an authentication protocol from Microsoft that uses one of several different types of authentication to log users in to systems and accounts. The most significant thing setting Windows Hello apart from older login systems is that it skips the traditional password entirely: users supply their username and are then asked for an authentication factor like:
- A fingerprint
- A face scan / facial recognition
- A random PIN
If that last option sounds a lot like two-factor authentication (2FA), where users get a random code via SMS, an authenticator app, or other methods, then you’re on to something. It is pretty similar — only with Hello you get to skip the password entirely.
Why Windows Hello Is A Good Upgrade
Windows Hello in any implementation is a good upgrade to make because of how insecure the old username-and-password combination has become. People reuse passwords on multiple sites, set easy-to-guess passwords, and leave their passwords written down on a sticky note (or in an unencrypted document). Once the bad guys have a username and password combination, that’s all they need to get into less secure accounts.
Windows Hello makes it much harder to compromise an account: it’s just not all that easy to steal a fingerprint, face scan, or random PIN that just got sent to a device the account holder is holding.
What’s Changing in Windows Hello
Microsoft is currently testing two types of changes in Windows Hello. First, the design is getting an upgrade. Previously Windows Hello didn’t exactly match the modern aesthetic in Windows 11. Now it will. This change isn’t exactly earth-shattering, but it’s a good idea regardless: bringing Windows Hello into the same design language may help some users understand that it’s a legit part of Windows, not some kind of advanced phishing scheme.
The second change is much more significant: Microsoft is adding support for passkeys. This additional authentication method is exciting because it’s highly secure and doesn’t create much friction for legitimate users. But most importantly, passkeys are supported by the biggest major tech companies (Microsoft, Apple, and Alphabet/Google) — meaning there’s a very good chance that the passkey system will become the widespread new norm for secure accounts.
A Passkey Refresher
It’s OK if it feels like you’re constantly hearing about new, slightly different, but still similar-sounding innovations. We’re the first to admit that “passkey” is perhaps a bit too similar a name to the thing it’s supposed to replace (passwords). It also sounds pedestrian, even boring, when the truth is that passkeys are a big step forward.
So what is a passkey, exactly? Google defines it as “a FIDO [Fast IDentity Online] credential stored on your computer or phone . . . used to unlock your online accounts.” Once the credential is on your device, unlocking your computer or phone (using a fingerprint, a face scan, or a screen lock PIN) is all it takes to log into an account.
There’s lots of technical wizardry going on using public key encryption and other tech, but the bottom line is that passkeys are usually easier to use and almost always far more secure than passwords, and they’re rolling out in more and more places every day.
So here’s the bottom line: Businesses running Windows 11 should consider switching to Windows Hello — especially if users are still logging in with just a username and password. Then, as soon as it becomes an option, we recommend enabling passkeys within Windows Hello.
Of course, every business has unique needs, and reconfiguring security often takes some technical nuance. If our team can give you an assist, reach out anytime.