Microsoft Extends Its Windows Hello Login Security Features To Apps and the Web

An anonymous reader quotes a report from TechCrunch regarding the beloved Windows Hello login security features: Microsoft is bringing to Windows apps (and even the web) some of the convenience and security of being able to use the same tech it uses to keep enterprise laptops safe. The idea here is to let you use the same technology that powers "Windows Hello" -- the login security feature of Windows 10 that supports fingerprint scanners, facial recognition and even iris scanners -- to log into other services, as well. This feature probably wouldn't be all that interesting if it only worked for Windows apps, but the company is also extending it to web apps. For now, this feature apparently only works with Microsoft's own Edge browser, but the company says it is compatible with the FIDO 2.0 standard and can theoretically work with any browser.

Hello Login

[Anonymous Coward]

Hello Login sounds like a silly name for a cute little japanese cartoon character.

Re:

[bondsbw]

It's not "Hello Login", it's just "Hello".

Guilty, guilty, guilty!

[shanen]

One of my many problems with Microsoft is the guilty-until-proven-innocent security model. Actually, they seem to have softened their position somewhat in recent years, but the perception remains, and whenever anything goes wrong with anything associated with Microsoft, one of the hardest possibilities to rule out is that I haven't done anything they perceive as a EULA violation.

Just a coincidence, but I ran into this last week. My employer recently announced we could upgrade to Office 2016. I wasn't brave

Apple had a chance with Vista

[Joe_Dragon]

Apple had a chance with Vista.

Too bad apples hardware choice was bad and lack of games.

Re:

[The Real Dr John]

Everything MS has been doing with Windows is on the cheap, and comes out shoddy as hell. I can't believe any companies are even thinking about migrating to the buggy new crap that offers nothing useful. Upgrades are supposed to upgrade system capabilities, not degrade them.

Huh?

[roninmagus]

I'm smelling a rat here. I check slashdot.org multiple times a day, and there are currently 1,2,3...**5** Microsoft product update "news" stories on the homepage. What gives?

Re:

[kuzb]

Does everything have to be a conspiracy?

Re:

[Anonymous Coward]

Yes. The rules here are:
- Apple and Google are given cautiously wide berths and acceptance because they control everything now.
- Microsoft remains perpetually guilty until proven innocent.
- Mozilla is to be hated no matter what they do.

That's about the short and skinny of it. Free mod points to be had if you happen to have a standard copypasta "opinion" to share.

Re:

[The-Ixian]

True.

I would make one alteration:

  - Microsoft remains perpetually guilty <strike>until proven innocent</strike>

Re:Huh?

[whipslash]

It's almost like Microsoft hosted an annual developers conference today an announced a bunch of news http://www.theverge.com/2016/3... [theverge.com]

Re:

[LifesABeach]

I figure its the new PHB owners. No one has told them the truth about their lap tops yet. You know, where you hold the lap top upside down and shake it to reboot it.

Eyyyyy!

[Anonymous Coward]

You go Microsoft! Jump that shark!

Re:

[LifesABeach]

Does anyone else not smile when in order to "open up" the operating system you have put your finger in a certain spot?

Re:

[slacklinejoe]

Hello is more flexible than the above suggests and this is really just an extension of their Single Sign On options. Microsoft really wants to push the PIN + something as better than a password (that users will just put on a post-it note and leave in their office). For low security locations, sure maybe just a IR scan of your face including vein locations heartrate and such = 1 factor (Hello only works with very specific and weird cameras), but most are going to implement it with biometric (face or fingerpr

Wait, let me get this straight....

[NoNonAlphaCharsHere]

You want me to let a Microsoft browser send my "fingerprint scanners, facial recognition and even iris scanner" credentials across the open Internet as a whizzo convenience feature? (Checks calendar, nope it's only March 31)... Sure! Why not? What could possibly go wrong?

Re:

[Dutch Gun]

I'm sure it's just authenticating locally on your client and sending login and authentication challenge responses across the net, not the raw biometric data. MS is a lot of things, but I'd have to think that their programmers are not quite that stupid.

Re:

[chipschap]

MS is a lot of things, but I'd have to think that their programmers are not quite that stupid.

Exactly so. Their programmers are not quite that stupid, so would they pass up this opportunity to collect even more personal data?

Re:

[Anonymous Coward]

I'm sure it's just authenticating locally on your client and sending login and authentication challenge responses across the net, not the raw biometric data. MS is a lot of things, but I'd have to think that their programmers are not quite that stupid.

Ummm, you must be new here.

And yeah, MS programmers have been that stupid - or at the least forced by management to be that stupid.

Re:

[Not-a-Neg]

They are attempting to offer a similar service as TouchID on iOS, making it easier for n00bs to login to their stuff without needing to remember arcane passwords.

Re:

[slacklinejoe]

Yeah no. It doesn't work that way.

Re:

[antdude]

MS never jokes even on April 1st. ;P

Did I miss the memo?

[grasshoppa]

Are we trusting MS now? Between the "EVERYONE MUST HAVE WINDOWS 10" bs and Brad Smith saying we should let politicians decide what the balance is ( between encryption and personal freedoms ), I'm having a hard time with the whole notion that MS needs MORE of my security information, not less.

Maybe I'm just paranoid though. My tinfoil hat is probably 3 sizes too small.

Re:

[LifesABeach]

I agree, and with an A/C no less. All one need do is find a 14 bored year old to hack into any m$ stuff and life goes on.

The Microsoft slashdot ..

[khz6955]

Microsoft gets 6 free articles on the main page. Is this what slashdot is reduced to, shilling for the MICROS~1 organization?

Re:

[jenningsthecat]

Microsoft gets 6 free articles on the main page. Is this what slashdot is reduced to, shilling for the MICROS~1 organization?

Like it or not, (and I decidedly don't like it), Microsoft is still a major force in computing. So it's inevitable that sometimes a bunch of MS articles will show up in one place at one time, like a cancer cluster that turns out to be just a statistical anomaly.

Please believe me when I say that I understand and feel what you're saying. But shouldn't we give the new Slashdot owners the benefit of the doubt until such time as shilling articles have been a consistent theme for 6 months or so? They haven't been

Re:

[Not-a-Neg]

Microsoft is holding their Build conference, expect more articles.

Be nice with some device support

[reemul]

I'm still waiting for someone to sell me a webcam that will work with Hello. There are a tiny number of laptops and tablets with one built in, but despite the technology being announced more than two years ago, there isn't a single stand alone camera that supports it. Supposedly Razer will be offering one in Q2, but no firm date. It doesn't really matter what apps the feature will unlock if no-one has the hardware to ever use it.

Re:

[slacklinejoe]

There are two of the Intel ones on the market as add-ons, but not many are integrated. You have to find the ones with the Intel RealSense feature. If you want, check out the Creative labs F200. There is the Intel developer kit (R200) but I've not found it in stock.

Re:

[Brian Kendig]

I was coming here to say the same thing, too.

I can't find any place that sells the Creative Labs F200 - not even http://us.creative.com/p/web-cameras itself.

Yeah, right ...

[gstoddart]

the login security feature of Windows 10 that supports fingerprint scanners, facial recognition and even iris scanners

Given Microsoft's history with being utterly incompetent at security, why would I trust them, or any other vendor, with biometric information? Why would I want a fucking app or a web page to have access to that stuff?

I'm sorry, but I neither believe this is any more secure, nor do I believe this isn't going to lead to huge unintended privacy violations or whatever damned server Microsoft keeps this shit on from either being hacked, or subpoenaed by big brother.

Sorry, but I'll pass on this shit. It serves no value for apps and web pages, and it's being offered by a company who I simply don't trust with the information or the implementation.

When this gets hacked, expect me to be quite loudly laughing and pointing.

Re:

[The-Ixian]

It is clear to me that what MS is actually doing is attempting to subvert Android (and to some extent iOS) to their own purposes.

MS is introducing low level apps on both platforms which make it easier to turn either device into a MS platform. For example, I have a work issued iPad and there are more MS apps on it than Apple apps.

I think this is a smart thing for MS to do; A way of hedging their bets. If Windows users cannot have their own platform, MS enables them to have something very similar on a differe

"beloved"???

[davidwr]

If that doesn't scream "slashvertisedment" I don't know what does.

Microsoft

[Eunice Nyandat #CMO]

Security