Blog/Infosec 101/

Everything you need to know about Windows Hello

John Sears

John Sears


Aug 08, 2022


7 min read

Jump to section

Biometric authentication has become a big part of security in both the home and business environment. The rapid adoption of this technology has been an attempt to reduce dependence on passwords, which are far more vulnerable to hackers. One such prominent example of a biometric authentication system is Windows Hello.

What is Windows Hello?

The Windows Hello technology enables Windows 10 and Windows 11 users to authenticate secure access to devices, apps, online services, and networks. It uses fingerprints, iris scans, and facial recognition, depending on user preferences, using sophisticated technology to secure computer systems.

Windows Hello has become a highly regarded system, considered more user friendly, secure, and reliable than traditional methods of logging in to secure systems. Windows Hello requires a specialized illuminated infrared camera for its facial recognition functionality. A fingerprint reader that is compatible with the Windows Biometric Framework is also needed for fingerprint scans.

Not only does Windows Hello help to secure computer systems, it also makes logging in easier, quicker, and more convenient. Having first been introduced in 2015, the system has evolved into a mainstay of computer security.

Windows Hello is designed for both enterprise users and consumers, with separate versions for these two very different environments available. The primary difference between the consumer and enterprise versions is the usage, implementations, and environments in which they function. In particular, the business software is targeted at companies and organizations that run any active directory, and are seeking a solution without passwords.

The popularity of biometric authentication is underlined by the number of users that Windows Hello has managed to attract. By the end of 2020, over 300 million users were utilizing Windows Hello on a monthly basis – an indication of how successful this system has become.

Windows Hello has also adopted the FIDO specification, which has added credibility to the system. The system was developed in 2014 by the FIDO Alliance, which was initially founded by PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon, and Agnitio. This alliance has now grown to over 250 companies, and its technology is available in hundreds of devices.

Microsoft Hello includes support for the latest version of the FIDO security protocol, referred to as FIDO2. The protocol enables users to access standards-based devices, such as USB security keys, that offer an extra layer of protection.

Setting up Windows Hello

Setting up Windows Hello is straightforward. The first aspect of this process is to set up Windows Hello on your PC. Setup is required before any of the specific security provisions can be put in place. The initialization process also requires you to apply a PIN to your device, which will then ensure that your PC is compatible with the hardware. This PIN can be stored in your Microsoft account or somewhere safe in the physical world, such as a notepad stored in private.

How to Initialize Windows Hello on your PC

  • Go to the start menu search bar, type in “Settings” and select the best match for your machine.
  • Head to accounts, and then select “Sign in options.”
  • Under ways to sign in, several different methods will be available. Choose the one that suits your current system.
  • Facial recognition, fingerprint recognition and PIN are the methods relevant to Windows Hello that can be utilized. Select which one you favor for your particular setup.
  • Once you have selected one of these, Windows Hello should be accessible on your computer.

How to set up a PIN

  • Expand the PIN tab by clicking on the down arrow, and then select “Setup.”
  • A dialogue box will then request your password. Enter your login password and click “Enter.”
  • In the next dialogue box, enter and confirm a strong PIN that is difficult to crack, before selecting “OK.”
  • A new dialogue box will now pop up, and you will be asked to verify your Microsoft account. Once you have completed verification, your account will be successfully set up.

How to set up facial recognition

Windows Hello offers a few different security options. The first of these, and probably the most widely utilized, is facial recognition. In order to set up facial recognition, you need to go through the following steps:

  • Click “Settings” and then “Accounts,” before finally selecting “Sign In Options.”
  • You must set up a PIN code before you are allowed to use Windows Hello. In order to set up a PIN, follow the instructions that we have provided previously.
  • Once your PIN has been set up, you should see the option to set up Windows Hello unlocked.
  • Several options should now be available, but for facial recognition you should see an option for “Face.”
  • Click “Setup” for the next screen. You will then be provided with a little background on Windows Hello.
  • Next click “Get Started.” You are now ready to capture your biometrics.
  • Position yourself so that your face is in the center of the frame that will appear on your screen. The camera will then register your facial features.
  • Once you are set up, you have an option to improve recognition. This process can be particularly useful for those who wear glasses, as you can be recorded both wearing and not wearing them.

After following these steps, your facial recognition on Windows Hello will be optimized and ready to protect your computer.

How to set up fingerprint security

Another option is to set up fingerprint security on Windows Hello. Once you have an integrated fingerprint reader set up, the following process is required to initialize fingerprint logins.

  • Go to “Settings,” and then to “Account.” Scroll to Windows Hello, and click “Setup” in the fingerprint section.
  • If you haven't created a pin, you must now create one in order to optimize the fingerprint reader.
  • Click “Get Started” and you should now see the welcome screen. Enter your PIN.
  • Scan your finger on the fingerprint reader. You will need to scan your finger several times in order to provide the scanner with a good impression of your prints.
  • Click “Add another” if you wish to repeat the process with another finger. Alternatively, close down the program.
  • You will be asked to confirm that you are satisfied with the process. This is the final step in optimizing your fingerprint reader.

You have now set up a fingerprint login on Windows Hello and can begin using its biometric authentication.

Enable Windows Hello on NordLocker

We believe that the best security method is often the one that the user prefers. That’s because this way, you’re more likely to use it. While NordLocker already has several MFA methods like security keys, authentication apps, and backup codes, Windows Hello brings something new. We’ll let one of our squad leaders, Gabrielė Akstinaitė explain:

“We are pleased to present Windows Hello as an alternative to the Master Password. Windows Hello offers flexibility and more options to unlock NordLocker. The Master Password will still be the main key to your files, so don't forget it! We also love that our users can choose whichever Windows Hello method they prefer. And most importantly, Windows Hello can save you if you ever forget your master password.”

If you want to use Windows Hello instead of your master password, first follow the instructions above and enable one or more Windows Hello sign-in methods. You can also open the NordLocker app, go to “Settings,” and click on “Setup Windows Hello” at the bottom of the “Security” tab.

However, if you already have at least one Windows Hello method enabled, you’ll see a disabled toggle. Here’s how to turn it on:

  • Click on the toggle.
  • Enter your master password.
  • Confirm your Windows login. For example, a pin code.

And that’s it. Next time you need to log in to NordLocker, you’ll also see a Windows Hello icon.

More Background on Windows Hello

It should be noted that once Windows Hello is enabled, the password system on Windows 10 or Windows 11 will be disabled. However, passwords will still be required to unlock some system functions. Windows Hello uses 3D structured light to create a model of a user's face, while utilizing what are referred to as “anti-spoofing techniques” in order to prevent the creation of fake biometrics.

Windows Hello has become an extremely popular security package on the market, with its only real rivals being Apple face ID and Google Android biometrics. But the Windows system is renowned for working better in low-light environments than either of its major competitors. Lighting is, in fact, another important aspect of the system to consider. If the lighting environment is not particularly well-suited to iris recognition, it is advisable to invest in a fingerprint scanner and utilize that for security.

Another major advantage of Windows Hello is that it has minimal hardware requirements. The system has a low barrier to entry, but specific requirements are still involved. The Microsoft Surface Pro, Surface Book, and most Windows 10 and Windows 11 PCs are equipped with suitable scanners or cameras that can capture two-dimensional infrared spectroscopy. These will all be compatible with Windows Hello. If you have any doubts about your system, you should contact Microsoft directly, and it will be able to assist you further.

The benefits of Windows Hello are obvious. The Internet has become an increasingly hostile environment, with malicious hackers stealing personal data and the identities of people all over the world. Indeed, identity fraud cost Americans alone $56 billion in 2021.

$13 billion of these losses were due to what is described as “traditional identity fraud,” where cybercriminals stole personally identifiable information via data breaches. Passwords are one of the primary ways that such breaches occur, which is why biometric authentication can be hugely valuable for home users and businesses alike.

John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.