Unlocking Windows 10 PCs with smartphones, wearables, smart cards

With Windows 10, Microsoft is slowly moving towards removing passwords as the main authentication method for users to log in to their (locked) computers.

Windows Hello, the password-free authentication feature that comes with the OS, works by recognizing the users’ face, iris, or fingerprint, but could initially be used only by those that had a supported infrared-illuminated camera (for face and iris recognition), a supported fingerprint reader, or companion devices such as Microsoft Band and some Windows phones.

With the release of Windows 10 Anniversary Update, the feature has been expanded to support a wider array of companion devices, so that users with older computers without infrared cameras or fingerprint readers can still take advantage of it.

As Anoosh Saboori, senior program manager lead for OS security at Microsoft, demonstrated last week at the Ignite conference, Windows Hello will now also work with Android smartphones and iPhones, HID smart cards, Yubico’s YubiKey (USB device), and the Nymi band (a wearable that authenticates the wearer by detecting his or her heartbeat).

All of these devices can be used as second authentication factor (credentials are on the Windows 10 device), but only some can be used in the “portable credential mode”:

Windows Hello companion devices - scenarios

That’s because not all of the mentioned devices have adequate crypto capabilities to keep stored credentials safe. So, the second scenario is pretty much reserved for smartphones.

Initially iPhones will be used by means of a RSA SecurID authentication tool installed on the device.

If the phone is used to log in to a Windows 10 computer located on a public network, the user will have to “confirm” the unlocking, but if the device is on a trusted, corporate network, the computer will unlock automatically when the smartphone is near.

Other third-party solutions for iPhone are in the works, and so are those for Android.

For the moment, all of these options are just for business users, and it’s unknown when or whether they will be provided to home users.