Microsoft’s Windows Hello Fingerprint Authentication has been Bypassed
The much-vaunted Windows Hello fingerprint authentication system which was Microsoft’s latest attempt at greater online security, has been bypassed by far more tech-savvy hackers. Windows Hello is the biometric sign-in feature which was rolled out starting with Windows 10 in 2015, to allow users to sign in to their Windows account using fingerprint or facial recognition.
However, security researchers have raised concerns that this authentication system can be bypassed. Hand-held scanners reportedly used with open-source software can bypass these authentication security measures by mimicking the authentication process. The scanners send data to the authentication process, fooling the system into thinking that it is being authenticated by a recognized user.
The scanners have been widely available online without much difficulty, and can be used by anyone, including cybercriminals, to access a user’s profile. It is believed that these scanners have been utilized in the past for stealing website data and even draining bank accounts.
Microsoft has acknowledged the vulnerability of the Windows Hello authentication system and has provided patches to its user base. But the concern still remains about how to stop unauthorized access to a user’s Windows account. Microsoft is actively looking into tighter identity verification measures that would ensure greater security for its users.
Although the issue is largely considered as a minor breach as of now, it serves as a reminder to all users to be vigilant about their online security. With cybercriminals always looking to exploit weakness in authentication systems, everyone should be aware of the various ways in which their identity can be compromised.
It has also put the onus on Microsoft to further improve its authentication system. With the global pandemic increasing the dependence of individuals and businesses on digital identity authentication, it is essential for companies to ensure the utmost privacy and security of their users.