Hackers have recently shown that Windows Hello installations from last year could be fooled easily with only a print out of a picture of your face taken with a near-infrared camera. Only more recent versions of Windows Hello could not be defeated, and only if more stringent settings were used in the setup, and also…
by Surur
@mspoweruser
Hackers have recently shown that Windows Hello installations from last year could be fooled easily with only a print out of a picture of your face taken with a near-infrared camera .
Only more recent versions of Windows Hello could not be defeated, and only if more stringent settings were used in the setup, and also when it was set up from scratch.
Despite this major snafu, Microsoft is touting Windows Hello as the solution for password stress, and praised the sophistication of the technology, saying:
The infrared camera in Microsoft Surface devices isn’t just taking your photo for facial identification, says Rob Lefferts, director of program management for Windows Enterprise and Security. “It’s actually building a 3D map of your face. It has depth and characteristics, and we use multi-spectrum analysis so we’re getting multiple images of your face from different perspectives.”
Microsoft pushed biometrics as the password of the future, saying when available roughly 70 percent of Windows 10 users with biometric-enabled devices are choosing Windows Hello over traditional passwords.
The issue, of course, is that biometric passwords cannot be revoked (you can hardly change your face or fingerprints) making it imperative that Microsoft builds its technology right before exposing “roughly 70 percent of Windows 10 users” with biometric devices to hacks a teenager could easily perform.
Microsoft also touted its involvement with FIDO, who aim to replace password websites with proof of possession of devices. This cross-company initiative uses public key cryptography as the basis of the security model.”
The private key stays on your personal device; “it is never shared over the internet, it is never put in a database,” said Brett McDowell, executive director of the FIDO Alliance. “Instead of a password being stored on the server, only the public key for that account is ever shared with the online application so it can be used to verify what is called a ‘cryptographic signature’ from the user’s device during future authentication challenges.” This process confirms “proof of possession” of the private key without ever sharing the private key itself, he says, “thus ending phishing for credentials and/or reusing stolen credentials from a data breach.”
An issue Windows Phone users of old often faced, however, is finding their platform unsupported by proof of possession devices and authentication apps, making it more and more important to stick to mainstream operating systems.
“It will take time for all the parties, all the important websites and all the important line-of-business applications to adopt this technology, and it will take even more time for users, customers and organizations to make the cultural shift required so that people can really live in this new world,” said Lefferts “But we have the blueprint for accelerating the move away from passwords. The key to success is making sure that the user experience is actually easier and better than what they have with passwords today.”
Read Microsoft’s full blog post here .
Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.
by Anmol on December 26,2017
by Surur
by Anmol
by Jennifer Locke
by Anmol
Samsung’s 850 EVO series SSD is the No.1 selling SSD in the market right now. It is powered by Samsung’s V-NAND technology with up to 540MB/s and 520MB/s sequential Read/Write pe…
Microsoft Store online today kicked off its Countdown to 2018 sale. You can get huge discounts on popular apps, hottest games, movies and TV. Find the deals that are available below. Xbox Di…
In the summer Oculus announced a price drop for their Oculus Rift headset taking it to an astonishing $399 for the headset and controllers, around half the launch price of the bundle before …
Microsoft Store’s annual 12 Days of Deals promotional campaign has started today. Microsoft Store will announce a new deal daily at midnight ET through Dec. 17 – featuring products from …
Microsoft Store UK’s Black Friday deals are now live and you can get discounts on latest Surface devices, Xbox consoles, Windows PCs, accessories and more. You will be able to save up…
You can save up to 30% on select SanDisk memory products from Amazon as part of their Deal of the Day promotion. This sale includes lot of popular SanDisk products including SanDisk Ultra 1…
You can now get huge discounts on popular laptops as part of the Lenovo Black Friday 2017. If you are looking for a mainstream laptop, check out the Ideapad 720s which comes with premium met…
HP, the No.1 PC OEM in the world is now running their biggest sale of 2017 as part of their Black Friday promotions. You will be able to find amazing deals on HP laptops, desktops, monitors,…
Microsoft Store’s Black Friday deals are now available in the US. Microsoft Store has some great deals on the Xbox One S, Surface devices, Windows Mixed Reality headsets and more. Find…
You can now get the Lenovo USB Type-C Hub for just $51.34 (was $79.99) from Amazon. With this Type-C Hub, you expand your laptop capabilities with dual USB 3.0 ports, one HDMI 1.4 port, one …
