The Windows 10 “Hello” is a new form of authentication. It’s easy to set up and easy to use, so how is it more secure?

In Windows 10, Microsoft Passport replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. Microsoft makes this more secure by storing your password in a ‘safety deposit box.’

OK, not a real safety deposit box, but a virtual one in the hardware of your computer.

Here’s how it works:

After you log in with a password, you have been authenticated. Then you create a PIN to use instead of your name and password. Your name and password are stored in the TPM chip on your computer. This is the safety deposit box.

Your name and password are encrypted in this box and protected from any kind of security hack. Each time you put in your PIN, your password is unlocked and passed on for authentication.

Now we add one of the biometric factors, and we have a secure logon that knows who you are.

After initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity.

Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services.

One important difference between a password and a Passport PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too!
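A simplified model of the device binding described above, added here as an example; it is not Microsoft's implementation or code from the original post. The `ToyTPM` class, its device secret, and the sample PIN and credential are all constructed for illustration, and the point it shows is that a stolen PIN plus a copied blob still fails on different hardware.

```python
import hashlib
import hmac
import os


class ToyTPM:
    """Constructed stand-in for a TPM chip: holds a secret that never leaves the device."""

    def __init__(self):
        self._device_secret = os.urandom(32)  # unique per device, never exported

    def _key(self, pin: str, salt: bytes) -> bytes:
        # The unlock key depends on BOTH the PIN and the device secret.
        pin_key = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
        return hmac.new(self._device_secret, pin_key, hashlib.sha256).digest()

    @staticmethod
    def _xor(data: bytes, key: bytes) -> bytes:
        # Toy stream cipher for the model only (fresh salt => fresh key per blob).
        stream = hashlib.shake_256(key + b"enc").digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, pin: str, credential: bytes) -> bytes:
        """Lock a credential in the 'safety deposit box' under this PIN."""
        salt = os.urandom(16)
        key = self._key(pin, salt)
        ct = self._xor(credential, key)
        tag = hmac.new(key, salt + ct, hashlib.sha256).digest()
        return salt + tag + ct

    def unseal(self, pin: str, blob: bytes):
        """Return the credential, or None if the PIN or the device is wrong."""
        salt, tag, ct = blob[:16], blob[16:48], blob[48:]
        key = self._key(pin, salt)
        expected = hmac.new(key, salt + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return self._xor(ct, key)


if __name__ == "__main__":
    laptop, other_pc = ToyTPM(), ToyTPM()
    blob = laptop.seal("4821", b"alice:constructed-password")  # constructed sample
    print("right PIN, right device:", laptop.unseal("4821", blob))
    print("wrong PIN, right device:", laptop.unseal("0000", blob))
    print("right PIN, other device:", other_pc.unseal("4821", blob))
```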

Windows Hello has three biometric factors that can be used to authenticate. A fingerprint can be used on many existing laptops. Facial recognition requires a high-end camera not currently available on most laptops. New phone devices will have retina recognition cameras for authentication as well.

It will take time for enterprises to embrace this, but I hope you will say Hello soon.