One day, Microsoft promises, you won't need a password to log in to your Windows 10 PC. That promise is Windows Hello, which will use your face or fingerprint as your passport for Windows and the web.
Microsoft said Tuesday that it plans to launch Windows Hello as part of Windows 10. Using technology that it originally developed as part of the Microsoft Kinect depth camera that shipped with the Xbox 360 and Xbox One game console, Hello will peer beneath your beard or makeup and determine if it's really you.
The idea, according to Microsoft, is to eliminate the billions of passwords that users create, forget, and eventually leak to the Web. Under Hello's security model, your PC would authenticate you with a camera or fingerprint reader, and then your PC would vouch for your identity on whatever Microsoft service you accessed. And if a website supported the Hello technology, it would recognize you, too, using a complementary technology called Microsoft Passport.
'We want to make your interactions with Windows devices more like interacting with another person," said Scott Evans, the software engineering lead for Kinect.
Hello is based on a technology called asymmetric key cryptography, used to identify a cell phone to a network, said Dustin Ingalls, with the Windows Security team. According to Evans, the false identification rate is just 1 in 100,000 attempts.
"You get all of that security that an IT organization would get with smartcards with the familiarity and personal experience of Windows Hello," Ingalls said.
The catch, if there is one, appears to be the hardware. In a video (embedded below) Microsoft notes that Hello will require "specialized hardware, including [a] fingerprint reader, illuminated IR sensor or other biometric sensors." That would imply that the laptop would need a built-in Kinect-like sensor, either one designed by Microsoft--such as Kinect for Windows--or a RealSense sensor from Intel. (Microsoft said that all PCs incorporating the Intel F200 RealSense 3D Camera will support the facial and iris unlock features of Windows Hello, including the automatic sign-in to Windows, as well as unlocking "Passport" without the need for a PIN.)
A Microsoft spokeswoman also confirmed that Hello will not work with an ordinary Webcam.
Hello will work with an existing fingerprint sensor, however, so if your corporate PC has one installed, Hello will work with it. In a blog post, Microsoft vice president Joe Belfiore also implied that these IR sensors will be built into a new generation of devices. "Well, there will be plenty of exciting new Windows 10 devices to choose from which will support Windows Hello," Belfiore wrote.
That would seem to imply that while Windows 8 introduced touchscreens to the Windows world, Windows 10 may launch with a new generation of biometric interfaces. Intel has already integrated its RealSense cameras into Dell tablets, and it seems reasonable that others (whether from Microsoft or Intel) will appear in laptops as well.
Microsoft executives said that they're conscious of privacy, however, and that your laptop won't be able to store your image on it. Hello also won't send your biometric identity over the network. It will, however, unlock Passport, and that will serve as an identifying token to confirm your identity to Windows web services, to Azure Active Directory, and the sites that work with those technologies. Microsoft has joined the FIDO alliance to support replacing passwords with a growing set of financial, consumer, and other security services over time.
And if you want to, you'll be able to opt in or out of using Hello, as well.
Why this matters: Microsoft Hello is a bit of a risky move for Microsoft. Recall that gamers dismissed the Xbox Kinect sensor for three reasons: its added price, the CPU toll that it took on the console, and the perceived privacy risks. If Microsoft makes Hello user-friendly--signalling when the infrared sensor is on, for example, and doing so for just a few seconds--users may quickly warm to the idea of doing away with passwords. And, of course, it has to work--if Hello doesn't work after a user grows or shaves off his beard, that sort of news is going to travel fast.