You use a password to log into your Windows 10 PC. But do you really have to, and are the alternatives — a PIN, a fingerprint, or your face — as secure as having a password?
Windows 10’s release and subsequent updates herald the addition of some new sign-in options. While previous releases required that you enter a password to gain access, Windows 10 supports a few biometric options, notably your fingerprint or even your face!
Throw in the option to set a numeric PIN instead of a password (most Windows 10 accounts rely on a Hotmail/Outlook/Xbox Live email account and password) and it’s clear that Microsoft is attempting to take user security seriously with Windows 10.
But once you’ve set up these options, how secure are they?
Windows 10 Secure Sign-in Options
Head to Settings > Accounts > Sign-in options to take a look at the options on offer. On standard PCs, you’ll have the choice of a password, PIN, or picture password.
Some PCs, laptops, and tablets, meanwhile, offer Windows Hello, which takes advantage of the ubiquitous (and privacy-breaching) webcam to sign you in using facial recognition. Devices with a fingerprint scanner, meanwhile, use this device to sign you in, instead of requesting a password, again as part of Windows Hello.
We’ll take a look at configuring each of these options shortly… but before we do so, you might like to put yourself in the shoes of someone trying to gain access to a PC protected with a fingerprint or facial recognition.
Could these options be more secure? Or could they, in fact, be less secure?
Setup a Password, PIN, or Picture
You’ll be prompted to set up a password or PIN when you first boot your Windows 10 computer or tablet. However, these options are available to be tweaked and changed, just like the others.
To set a new password, use the Change button. Even if you’re using an online account (as opposed to a local sign-in, where the password is stored on your PC), this can be changed through the Settings menu in Windows 10. (Can’t think of a new password?)
For a PIN, click Add, and follow the instructions to enter a PIN, confirm it, and click OK. The PIN option is intended to be more secure than an email account-linked password, but until it is made a default option for logging into Windows 10, a PIN is just another option.
A rarely-used feature, the Picture Password can be set up by clicking Add, then inputting your password when requested. Like a PIN, this is more suitable for touchscreen devices, and can be configured by selecting a photo from your Pictures folder, and then drawing three gestures upon the image.
Once you’ve confirmed these gestures, you’re done. Note that Picture Password isn’t suitable for non-touchscreen devices.
Benefits of a Password or PIN
The password and PIN options are preferable to the biometric ones. Having the added dimension of a smartphone or tablet-style sign-in is particularly useful for touchscreen devices, whether a 2-in-1 or hybrid laptop, or a tablet like the Surface Pro 4.
However, the Picture Password is also a useful alternative, even if it isn’t as popular as Microsoft might like.
Sign-In With Windows Hello
Impressive biometric security is on offer with the Windows Hello feature, but there is a chance of false reject rates for both the facial recognition and fingerprint scanner. Note that Windows Hello requires you to have set up a PIN already for use.
Using Facial Recognition
Dedicated camera hardware with infrared (IR) capability is required for facial recognition, allowing you to access your computer in any lighting scenario. This is most commonly found in the Intel RealSense camera, which ships with PCs and laptops from Dell, ASUS, HP and perennial privacy mockers Lenovo.
Setting up facial recognition is simple. Check Settings > Accounts > Sign-in options to confirm the feature is available with your hardware setup, and under Windows Hello find Face and click Set up. The following screen explains Windows Hello, so read this, click Get Started, and position yourself for your photo.
You’re done, but you can also return to the screen and click Improve Recognition to help Windows recognize you in different guises — with or without glasses for instance.
Using Fingerprint Scans
If your device comes with a fingerprint scanner, or you have one that can be connected to your PC or laptop, then this is also a good option.
Again, you set up this option in Windows Hello, although note that if you have a camera, this will tend to overrule the fingerprint scanner.
Click the Fingerprint Set up button to get started, enter your password or PIN, and follow the instructions to scan your fingerprint. This will take a few moments to get right, but once you’re done, you’ll be able to sign into Windows 10 simply by swiping your finger on the fingerprint scanner!
Problems for Fingerprint Scanners
In theory, fingerprint scanners are the most secure option. Fingerprints are unique, which means that you have ten individual “passwords” that you can use to log into your PC. This is pretty impressive, but the system doesn’t come without its problems.
For starters, poor fingerprint scanners can cause reliability issues. Windows Hello offers the flexibility to sign in with other options, but this is a weakness that can discourage the system from being used.
Additionally, fingerprints themselves, while unique, can be unreliable. While good quality fingerprint scanners can have nearly 100% success, some people, such as older people, or manual laborers, can have poor quality fingerprints. Our fingerprints can also change over time.
Reasons for this include the difference between your fingertips before and after taking a bath, cuts, and grazes. Even ink and dirt can cause problems with successful fingerprint reading.
And, sadly, it’s worth noting the dark side of biometric login. Devices with valuable data on them are likely to be targeted by society’s most unpleasant characters, people who will stop at nothing — including mutilation — to get what they want.
Can Facial Recognition Be Bypassed?
It used to be the case that holding a photo of the authorized user in front of a camera would unlock this particular method of access, but while this particularly obvious weakness has been overcome, other avenues are still open to hackers.
While it depends precisely one what the facial recognition system is looking for, it’s been proven that simply presenting a video of the authorized user — complete with the all-important natural blinking — is enough to unlock a smartphone facial recognition system.
But when it comes to Windows 10’s Windows Hello system, it seems that things are a bit more secure. While smartphones and tablets — and some bespoke desktop solutions — use photos, videos or 3D maps of your face, Windows Hello doesn’t. Rather, it uses a system that Microsoft claims cannot be reverse-engineered.
All of this means that should anyone want to gain access to your Windows 10 laptop, they will need to know either your password or your PIN, or be able to present your fingerprint or your face. Logging into Windows 10 secure is made quicker by the addition of the biometric options, but is it necessarily better?
Are you happy with just a password? Or do you want facial recognition, or a fingerprint scanner, to improve reliability and get away from that old problem of forgotten or duplicated passwords? Tell us what you think in the comments.
Image Credit: student girl working on laptop by goodluz via Shutterstock