Malware developers and cybercriminals are constantly adapting and evolving new techniques, so it makes sense that any new software–particularly any new version of the Windows operating system–must also adapt and evolve to stay secure. Windows 10 includes a number of new and enhanced security features designed to protect you and your data.
I wrote this story for Windows Secrets (subscription required) diving down into the details of some of the top Windows 10 security features:
Given the increasingly sophisticated nature of malware, it’s no surprise that Microsoft built new security capabilities in Windows 10.
The company also enhanced its built-in encryption tool, BitLocker, to make it easier to protect your data.
Moving authentication beyond the password
Here are three new features that make signing in to PCs and sites easier and more secure. Most of these new capabilities, however, require additional hardware or newer security features such as built-in Trusted Platform Module (TPM) chips (more info).
Windows Hello: Have you seen those Win10 TV commercials showing cute babies around the world? The narrative suggests that today’s small children will grow up in a world without passwords — a world where they can sign in to their devices with nothing but a smile.
The death of passwords and the promise of biometric authentication have been heralded for years now. We’re not there yet, but Windows Hello is a step in the right direction.
Windows Hello is the biometric-authentication component in Win10. With the right hardware, you can use facial recognition, fingerprints, or iris scanning as your security credentials. As you’d expect, Hello can’t be fooled with a simple photo of your face. In fact, based on tests described in a TECH2 article, the facial-recognition technology is so accurate it can differentiate between identical twins.
The major catch with Windows Hello is, of course, the added hardware needed to make it work. Microsoft’s description of Hello includes this footnote: “Windows Hello requires specialized hardware, including fingerprint reader, illuminated IR iris sensor, or other biometric sensors.” And you can’t use a simple USB cam for facial recognition — the system currently requires specialized cameras such as the Intel RealSense 3D. The new Microsoft Surface Book and Surface Pro 4 both include cameras capable of using Win10’s facial recognition feature. And according to the Intel RealSense site, selected laptops from ASUS, Dell, Lenovo, and others already have the camera built in.
Iris scanners are rather rare on PCs, but fingerprint readers are fairly easy to find on portables or easy to add to a desktop system.
If you have a device installed that supports Windows Hello, it’s enabled by clicking Start/Settings/Accounts/Sign-in options. (The Hello setup option won’t appear if your system doesn’t have a compatible recognition device.) According to the official Hello FAQ, the biometric data used to identify you is kept only on the local device.
Passport: This option takes password elimination to another level. You start by enrolling a device with Passport using a PIN or Windows Hello; the system then authenticates you via an MS account, Active Directory account, Azure Active Directory account, or a non-Microsoft service that supports FIDO (Fast ID Online; more info) authentication.
After you’ve been verified by Passport, you can connect to protected accounts and services without needing to enter individual passwords.
Microsoft Passport provides stronger security because it uses two-key, two-factor identification in place of passwords. (Device enrollment is one factor; a PIN or Windows Hello is the other.) That helps protect your identity and credentials from phishing, brute-force attacks, and keystroke logging. It also prevents replay attacks, even if a key is intercepted or compromised.
If you have (or get) a subscription, you can read the complete story in this week’s Windows Secrets newsletter: A review of Win10’s new security features.