- Windows Hello is a secure and easy way to access your Windows device.
- You can use a PIN, security key, or biometric data (facial recognition, fingerprint) to log in to your device with Windows Hello.
- Windows Hello authentication data is only stored locally on your device and is an authentication method deemed safer when compared to typical passwords.
Using strong passwords means longer and more complex strings that are impossible to remember. That’s why a lot of people are reusing the same weak passwords, thus compromising security.
Windows Hello is offered as an alternative by Microsoft, being both simpler to use and safer at the same time. How is that possible? Read on to find out what Windows Hello is, how it works, and how you can set it up on your Windows computer. Don’t like it? I’ll even show you how to disable it.
What is Windows Hello Sign-in?
Windows Hello is a local authentication method for Windows computers that uses your biometric information, a simple and easy-to-remember PIN, or a hardware key to log you in or provide access to compatible services.
Windows Hello is not a password, but a way to provide authentication on a Windows device. This means the locally stored authentication data is not sent to a server for comparison, so there is no danger of it being intercepted by a third party.
How Secure Is Windows Hello Compared to Normal Passwords
Windows Hello encrypts authentication data on the local device and protects it with a dedicated hardware device, usually a TPM chip built into your CPU or motherboard. This is not always the case, but using a TPM (Trusted Platform Module) is definitely the safer way to store Windows Hello authentication tokens.
Now it starts to make sense for Microsoft to mandate the presence of a TPM chip for Windows 11-compatible devices.
Your Windows Hello data is never stored in the cloud and never sent via the Internet.
Is there a downside? Probably the fact you have to set up Windows Hello on each and every device you’re using. That’s not such a big nuisance if you ask me.
Anyway, the takeaway is that Windows Hello is just as safe as passwords and possibly safer than weak passwords.
It’s even possible to completely get rid of your Microsoft Account password but to be honest, that’s not something I’m personally ready for today.
Windows Hello Sign-in Options
There are multiple authentication options available with Windows Hello:
- Facial recognition;
- Fingerprint recognition;
- PIN code;
- Security Key.
Not every computer can use all the methods of authentication compatible with Windows Hello. For facial recognition, you would need an infrared webcam, capable of sensing depth. A regular webcam won’t be enough.
Fingerprint authentication requires a fingerprint reader, while a security key requires a physical hardware device, which can be a special card that needs a card reader installed or a USB key that works with pretty much any USB Type-A port.
How to Set Up Windows Hello with a PIN
Each Windows Hello authentication method must be set up individually on each device you plan on using.
I can’t show you how to set up all the Windows Hello authentication methods because I don’t have an IR webcam or a fingerprint sensor on my laptop, but I will show you the easiest method, the PIN code.
Windows Hello PINs can be short numbers made of only 4 characters, similar to a credit card PIN, or you can opt for more complex strings. Both offer similar levels of security, especially when coupled with group policies that prevent brute-force attempts, so don’t dismiss them.
1. Open the Windows Settings app by pressing Win + I.
2. Navigate to the following section: Accounts > Sign-in options.
3. On the right side of the window, select one of the Ways to sign in compatible with your current device. The text "This option is currently unavailable" will be displayed next to incompatible methods.
Expand the PIN (Windows Hello) section for this guide.
4. Next to the "Use a PIN to sign in to Windows, apps, and services" option, click on the Set up button.
5. You will now be asked to enter your current account password, online or offline.
6. At this step, enter the new PIN you want to use with Windows Hello and confirm the PIN. In the default configuration, you will only be able to use numbers. Check the "Include letters and symbols" box if you wish to set a more complex PIN.
7. That’s it: you now have a PIN set up for the current Windows computer.
Now every time you log in to Windows you will be asked for the Windows Hello PIN, not the account password.
Windows Hello acts as a local passkey that provides access not only to your Microsoft online account, where it can be set as a secondary authentication method, but to other services as well. Windows Hello can even be used as a passkey for your Google account. Windows Hello also works with local Windows accounts, so it’s a pretty versatile authentication method.
8. If you decide to change the PIN you will have to come back to the same section and click on the Change button.
You must remember the current PIN, but there’s a way to go around this problem if you forgot the Windows Hello PIN.
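The security of a short PIN rests on the two things described above: a TPM protecting the Windows Hello data, and group policies governing the PIN. The following read-only check reports both for the current machine. It is an added example, not part of the original article; the function names Get-PolicyValue and Get-HelloPinPosture are made up for illustration, and the registry path is the Windows Hello for Business policy location, where a missing value simply means no policy is configured.

```powershell
# Added example: read-only check. Run from an elevated PowerShell prompt,
# because Get-Tpm requires administrator rights.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns the configured policy value, or $null when it is not set.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-HelloPinPosture {
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    $report = [ordered]@{ TpmPresent = $false; TpmReady = $false }

    # 1. Is there a usable TPM to protect the Windows Hello data?
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent   = $tpm.TpmPresent
        $report.TpmReady     = $tpm.TpmReady
        $report.TpmLockedOut = $tpm.LockedOut
        $report.TpmLockout   = "$($tpm.LockoutCount) of $($tpm.LockoutMax) failed attempts"
    } catch {
        $report.TpmError = $_.Exception.Message
    }

    # 2. Which PIN-related group policies are configured on this machine?
    $report.RequireSecurityDevice = Get-PolicyValue $policy 'RequireSecurityDevice'
    $report.MinimumPINLength      = Get-PolicyValue "$policy\PINComplexity" 'MinimumPINLength'

    # 3. Turn the raw values into findings a reader can act on.
    $findings = @()
    if (-not ($report.TpmPresent -and $report.TpmReady)) {
        $findings += 'No usable TPM: the PIN is not backed by dedicated hardware.'
    }
    if ($report.RequireSecurityDevice -ne 1) {
        $findings += 'No policy requires a hardware security device for Windows Hello.'
    }
    if ($null -eq $report.MinimumPINLength) {
        $findings += 'Minimum PIN length is not set by policy; the Windows default applies.'
    }
    if ($findings.Count -eq 0) { $findings += 'TPM is ready and PIN policy is configured.' }

    $report.Findings = $findings
    [pscustomobject]$report
}

Get-HelloPinPosture | Format-List
```

On a personal device with no group policy applied, the two policy values come back empty; that is expected and only the TPM lines are relevant.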
How to Disable Windows Hello
Let’s say that for some reason you don’t want to use Windows Hello anymore. If that’s the case, here are the steps to follow for each of the authentication methods you have enabled (for each of your devices).
1. Open the Settings app once again.
2. Find your way to Accounts > Sign-in options.
3. Expand the Windows Hello methods you want to remove.
4. Click on the Remove button next to Remove this sign-in option.
5. You will see a warning message at this step.
If you press the Remove button once again you may be asked for the current account password.
If the Remove button is grayed out it can only mean that your organization has chosen to disable the option, mandating the use of that specific Windows Hello method.
And now you know the most important bits about Windows Hello. It wasn’t my intention to make this a comprehensive deep dive into the specifics of the technology. But I do hope I convinced you to give Windows Hello a try.