In the past few months there has been a lot of buzz about Microsoft’s Windows Hello after it was announced that Windows 10 was going passwordless…well, almost passwordless. We here at Transmit are excited over Hello as another tool that brings us one step closer to getting rid of passwords once and for all.
You’d think from all the media coverage that Hello was brand new when it was reannounced in July. It’s actually been around since the first version of Windows 10 back in 2015, although at the time it was mostly focused on enterprise users.
What is Windows Hello?
Windows Hello is an authentication technology that uses biometrics such as facial, iris and fingerprint scans to log into Windows 10 devices, Microsoft Accounts, and supported FIDO-compliant non-Microsoft services. It’s included at no extra charge and will work with most modern Windows 10 laptops and workstations. All a user has to do is set up a supported biometric to get started and then it takes just a glance at their device or a scan of a fingerprint to authenticate.
Transmit Security and Windows Hello
In almost every password elimination discussion we have with enterprise IT teams we’re asked about Windows Hello and how it fits into a broader Transmit-based passwordless strategy. The short answer is that we extend Hello into a true no-password solution that’s also risk-aware.
Transmit Security is a risk-based authentication platform that can use Windows Hello as one of its many supported authentication technologies. We also extend passwordless workstation login to more platforms such as Windows 7 and 8, Macs, and Citrix for environments that use a mix of operating systems and devices.
Based on FIDO2, Hello is a decentralized option for passwordless authentication but it doesn’t quite get rid of passwords as you might think. It’s not easy to crack biometrics, however if a user fails them on Hello they fall back to a PIN code. Transmit’s passwordless solution can use any supported authenticator as a fallback instead of relying on PINs or other less secure options.
As a centralized platform, Transmit is able to add the dimension of risk to the equation by monitoring the user, device, location and other elements to decide in real-time what actions should be taken. If a user fails a biometric or seems higher-risk, there are many options including stepping up to a different authenticator, restricting or denying access, and advanced device management controls that can reset or even wipe a device.
Finally, Windows Hello is an option for enterprises that have standardized on Azure Active Directory. If AWS, Google or other cloud directories are used, organizations have to look beyond Hello to a solution like Transmit Security that supports all the major cloud providers including Azure for passwordless login.
We see Windows Hello as a great opportunity to begin the process of getting rid of passwords in enterprise organizations but it isn’t a complete solution in and of itself. Hello doesn’t say goodbye to passwords, but it’s a great tool as part of Transmit’s comprehensive password elimination solution.