Last Update: Sep 04, 2024 | Published: Jan 20, 2016
A lot has been said about Windows Hello in the last month with the release of Microsoft’s Lumia 950 handset, the first device to include a built-in iris scanner for use with Windows Hello. With that said, much of what’s been said is negative. And even though many reviewers have given the Lumia 950 a lukewarm welcome at best, I wanted to share my experience with Windows Hello on the 950, as it’s one of the phone’s distinguishing features.
Nobody likes passwords and PIN codes, and there’s nothing worse than having to unlock your handset every few minutes, especially when you’re on the go. Windows Hello is a biometric authentication technology that’s part of Microsoft’s strategy to gradually phase out passwords. Windows Hello works in conjunction with Passport, which uses Identity Providers (IDPs) to authenticate users with a certificate or asymmetric public/private key pair that’s generated as part of a two-factor authentication enrolment process. For more information on Passport, see Goodbye Passwords: Windows 10 Passport on the Petri IT Knowledgebase.
Let’s be clear about how Windows Hello works on the Lumia 950. It doesn’t use facial recognition, but instead relies on the front camera and a nearfield IR diode so that the camera can clearly see your iris. When you enable Windows Hello for the first time, your iris is scanned and a cryptographic hash is generated and stored securely on the phone. When you attempt to unlock the device using Windows Hello, a new hash is generated and compared with the original, and if the two match, access is granted.
Facial recognition on the other hand, as used in some new notebooks designed for Windows 10 and Intel’s RealSense F200 camera, uses three different methods to recognize your face: infrared, a standard camera, and a 3D camera. This technology requires more space inside the device and as such isn’t suitable for use in phones, but unlike iris scanning works at a distance.
It’s worth noting that a PIN must be set before Windows Hello can be set up, and the PIN always provides you with a way to access the device should Windows Hello fail. So if you want to make the device more secure, I recommend setting a long PIN code. The settings for creating a PIN and enabling Windows Hello can be found in the PERSONALIZATION section of the Settings app:
Don’t forget that you must have a PIN set to use Windows Hello. If you don’t already have a PIN configured, click Add under PIN on the SIGN-IN OPTIONS screen.
Before starting the recognition process, if you wear glasses, take them off. Windows Hello will be able to recognize you later even if you are wearing glasses or non-mirrored sunglasses.
To unlock your device using Windows Hello, pick up your phone as if you were about to read some text, click the power button and look directly at the infrared diode that lights up. The phone will then unlock. Even though it’s the front camera that performs the actual iris scan, the key here is to look at the infrared diode and NOT THE SCREEN. As long as the phone is close and you look at the diode, I’ve found Windows Hello to be 100 percent accurate, even when wearing sunglasses and in a dark room. The only condition I haven’t managed to test is how well the feature works in bright sunlight.
So is Windows Hello annoying or irritating to use? I don’t find that to be the case, but it might not suit your way of working. And in my view it’s preferable to using a PIN, which takes longer and requires taking off your gloves in cold weather. But like any technology, there are disadvantages. For example, if you leave your handset on a desk and want to unlock it without picking it up, then you’re out of luck unless you’re into neck contortion; in this situation, use the PIN. Additionally, after a reboot, your PIN is required to unlock the device for the first time.