Why should stop using Hello Windows Facial Recognition to log into your Windows 10 PC
Passwords sucks, we all can agree to that, but very few alternative offer as much security as they do. Certainly not the facial recognition Microsoft introduced with Windows 10 new Hello Windows automatic login system.
Hello Windows facial recognition was designed to use your webcam to scan your face and identify you whenever you want to log in to your Windows account on Windows 10. However, a team of researchers has discovered a fatal flaw in the security design of Hello Windows.
Using just a printed photo of a user’s face, the researchers were able to trick Hello Windows into thinking the printed photo is the real user and granted them access to the Windows account. These researchers published their work on the cybersecurity website Seclists on December 8th.
They conducted their spoofing test on different versions of Windows 10 running on both a Dell and a Microsoft laptop. In both cases, they were able to easily log into the users Windows account by just using a printed picture of their face.
This spoofing should be a cause of concern for anyone who uses facial recognition by Hello Windows to log in to their accounts.
Tricking Windows 10 into thinking it is scanning the face of the real person then going ahead to grant access to a user account by mistaking the printed picture as the real user’s actual face was easy. All it too was a good photo of the authorized user, and the facial recognition security was bypassed.
The photo must be a full image of the bonafide user’s face. Hello Windows uses infrared camera (could be built-in in your computer or a separate addition) to identify the unique shape and contours on a user’s face. The flaw in the system is that it seems to identify a photo of a user’s face the same way it identifies the real face.