Microsoft has announced an ambitious plan to replace passwords with biometric identifiers in it’s yet to be released Windows 10 operating system. The race to replace passwords has been on for years, however, “Windows Hello” offers perhaps the most realistic chance of eradicating the archaic but ubiquitous authenticator.
The difficultly with password alternatives to date has been primarily a problem of adoption and practicality. Tattoos as passwords, for example, is a ridiculous idea.
In body chip implants are promising but I imagine many people would be squeamish about having a computer chip injected into their bodies. Twitter’s Digits system is practical but adoption would require cooperation between all the various organizations that develop and maintain your password protected accounts and devices. Windows systems (from Windows 95 to Windows 8.1) command 91.56 percent of the market. It stands to reason that Windows 10 will come to represent a large share of the operating system market too. While current biometric authenticators are the stuff of science fiction, the technically savvy and early adopters, Windows Ten may put these technologies within the reach of all computer users.
Using a combination of hardware and software, Windows Ten devices, both traditional and mobile, will offer the ability to authenticate users via iris, fingerprint and face. “For facial or iris detection, Windows Hello uses a combination of special hardware and software to accurately verify it is you – not a picture of you or someone trying to impersonate you,” said Joe Belfiore, vice president of the operating system group at Microsoft. “The cameras use infrared technology to identify your face or iris and can recognize you in a variety of lighting conditions.”
Computers with built-in fingerprint scanners will be Windows Hello compatible after Windows Ten installation. Newer Windows 10 capable machines will contain Windows specialized hardware, including fingerprint readers, illuminated IR sensors or other biometric sensors.
We all know the limitations of passwords. In essence, good ones are hard to guess and hard to remember; bad ones are easy to guess and easy to remember. On top of that, we aren’t supposed to share passwords between services. If we do it right, we end up having to remember a dizzying array of passwords that are difficult to remember on their own let alone en masse (there are some tips how to remember unique passwords). For example, Yahoo! wants to let you forget your Yahoo password, because nobody can remember their passwords.
There isn’t much out there in the way of a security analysis, which is not surprising given that Windows 10 has not been released. Not surprisingly, Microsoft is heralding the security system for its “enterprise-grade protection.” To its credit, Microsoft only stores biometric data locally, meaning you’re facial recognition data, iris and fingerprint will only exist on your personal device, not on some server at the Microsoft headquarters.