Examples about "Windows Hello" that realizes the ESET passwordless login

This article re -edites "Windows Hello? Four points for safely using laptops" published in the "Cyber Security Information Bureau" provided by Canon Marketing Japan.

　When logging in a laptop, you usually need to enter your ID and password.However, the management of the password is complicated.Windows Hello is attracting attention as a mechanism that releases us from these password management.This article describes the outline and functions of Windows Hello, as well as the points to use laptops safely.

What is Windows Hello?

　Windows Hello is a function that provides a biological authentication function such as face authentication and fingerprint authentication when logging in to Windows.It is standard on Windows 10 PCs, and can be used by using Windows Hello -compatible web cameras and fingerprint readers.With the need to enhance security as remote work spreads, the laptops that have been released in recent years have such devices in advance, and the number of models that Windows Hello can use is increasing.

Why Windows Hello was developed

　Why was Windows Hello born in the first place?Microsoft developed Windows Hello to achieve "passwordless".In 2017, the company announced a four -level approach to realize passwordless.The first step is the development and implementation of alternatives for ID and passwords, including Windows Hello.

　According to a survey conducted by Yahoo Co., Ltd., a major domestic portal site in 2020, 75.8%of the "password" used for Internet services and other services was 75.8%.And the answer that "I use the password" exceeded 60%.

　To enhance the robustness of the password, it is necessary to set it to a complicated one.However, setting and managing complex passwords is a factor that inhibits user convenience.As a result, the use of passwords has become normal, and users and companies will continue to have security risks.Windows hello, which can log in by biological authentication, is expected to be one of the means to solve those risks.

Windows Hello function

　Windows Hello functions can be classified into two categories: biometric authentication and PIN authentication.

1) Biological authentication

　Windows Hello uses either "face authentication" or "fingerprint authentication" instead of a password when logging in to a laptop.

　The requirements for measuring the performance of biometric authentication include the "permission rate (FAR)" that misunderstands others, and the "rejection rate (FRR)" that mistakes the person.The requirements for fingerprint authentication in Windows Hello are 0.002 % or less for FAR and 10 % for FRR.The requirement for face authentication is 0.001 % or less for the FAR and 5 % or less for FRR.

　Although the accuracy of biometric authentication is high, it is not perfect, and authentication may not go smoothly depending on the environment at the time of authentication and the condition of the equipment.For example, if you are wearing a mask or if the camera equipped with a laptop is dirty with a fingerprint, it may not be authenticated by the person.

2) PIN authentication

　Windows Hello can set PIN authentication in addition to biometric authentication.As mentioned above, biological authentication is not perfect.Pin is prepared as an alternative to the bio -authentication for various factors.

　Pin tends to be confused with passwords, but strictly, it is a certification method different from a password.The main feature is that it is linked to the terminal.Therefore, even if the information of PIN leaks outside, the laptop will not be unlocked unless the terminal is stolen.Microsoft says that PIN is safer than a password, based on the fact that it is linked to the terminal.

Advantages to use Windows Hello

　The following three specific benefits to use Windows Hello are:

1) There is no need to manage complex passwords

　By using Windows Hello, users are free from complex password management.By using face authentication or fingerprint authentication, you can log in to Windows without password input.You will also not need to change your password regularly or to worry about the combination, such as family, relatives, or dogs.

2) Reduce the risk of leakage of passwords

　By not using a password, the risk of leakage of authentication information can be reduced.Basically, authentication information such as biometric authentication is stored in an encrypted state on the terminal.Since the authentication information is not saved on the server on the Internet, the risk of leakage due to unauthorized access is also low.However, in the case of a laptop, it is important to note that if it is stolen, there is a risk that PIN will be analyzed.

3) You can apply security policy when using it in a company

　Windows Hello has a Windows Hello for Business.By linking with Active Directory, the detailed security policy, such as enabling / disabling biological authentication, and requirements for PIN, can be applied to the terminal in the organization in a batch.In the case of a laptop, it tends to depend on the management level of the individual, but it can be more governance by applying it all at once.

Other security options for using laptops safely

　In addition to Windows Hello, Windows 10 has various security functions.By effectively utilizing these security options that can be confirmed in "Windows Security" from the "Start" menu, you can use a laptop more safely.

1) Prevention of viruses and threats

　Windows 10 has a security function called Microsoft Defender (formerly Windows Defender), and monitors the terminal status in real time to detect and protect attacks such as malware.

2) Firewall and network protection

　By enabling the firewall function contained in Microsoft Defender, unauthorized communication to the terminal can be blocked.Depending on the situation of the communication, detailed settings such as the firewall validation / invalidation are also possible.

3) Control app and browser

　Windows 10 is equipped with a function to monitor apps and web browsers called Microsoft Defender SmartScreen.This feature can prevent access to websites, which may have phishing fraud and malware infections.In addition, since it is integrated into the OS, it is also possible to control the malicious behavior of the app.However, care must be taken because the corresponding web browser is limited to Microsoft Edge.

4) Device security

　Device security is a security mechanism built into hardware.By enabling the function of "core separation", the processing of the computer is separated from the OS and device.Protects the core of the OS from attacks such as malware.In addition, the "security processor" can enable strength encryption using TPM (Trusted Platform Module).TPM controls security processing and is also called "security chip".Windows Hello certification information is also stored on this TPM.

5) Device performance and normal

　"Device performance and normal nature" that reports the status of the terminal is a function that informs you of abnormalities such as memory and battery.

6) Family options

　Family options are options for managing devices when shared and used laptops with families.You can monitor or limit your child's website browsing and using apps.

To use laptops safely and comfortably

　As mentioned so far, Windows laptops have various security functions.However, there is nothing "absolute".I want to pay attention to the following four points to use laptops more safely.

1) Update appropriate OS

　The OS Windows with the concept of WAAS (Windows as a Service) will be an appropriate version upgrade by Microsoft.Includes not only security patches but also new functions.Uplifying the OS to the latest version to block vulnerabilities is the basis of security measures.It is also possible to use the latest security function by updating.

2) Enable standard security functions

　Windows 10 is equipped with various security functions as well as Windows Hello.It is a function that detects viruses and blocks access to illegal web pages.I want to understand the functions that are installed as standard and use them as much as possible.

3) Measures for loss and theft of terminals

　If the terminal is stolen, there is a risk that Pin will be identified, no matter how strong Windows Hello.Basic theft measures should be taken, such as keeping a personal computer on a desk at a cafe or the like.If your company's computer is lost or stolen, please report it to the company immediately and take appropriate measures.

4) Introduction of security software

　As mentioned earlier, Windows 10 is equipped with Microsoft Defender (formerly Windows Defender).Although it has a necessary and sufficient function, many commercially available security software provides many special software with multiple security functions and support.

　For example, ESET Internet Security has a function to safely use PCs and smartphones, such as functions for using internet banking and EC sites safely, as well as the block function of fishing sites.Another advantage is that there are plans that are supported for users who are not familiar with personal computers.Consider the introduction of security software in order to use your computer safely and safely.