Microsoft wants us to stop using passwords but they aren’t quite ready yet.
For years we have been using passwords to secure our logins to things like banking sites, Facebook, our smartphones and especially our computers. For some reason Microsoft thinks the idea of using passwords is outdated and ineffective. Sure if you use a password like your name or birthday then it’s not super effective but then again that’s your fault for using a password like that.
Microsoft has a newer feature built into Windows called Hello that uses things like facial recognition and fingerprint scanners to authenticate you to your computer and they are pushing for people to start using that rather than traditional passwords. Of course this feature is not supported on all devices and older versions of Windows.
Regardless of compatibility issues a research company in Germany was able to trick Hello into logging on a user with a laser printed photograph of that user that was taken with a near infrared camera. Now most people don’t have one of these cameras (we assume) but if you really wanted to do some cyber crime you could go out and get yourself one.
Supposedly newer Windows 10 versions are more secure but if you have set up Hello while on an older version you should probably set it up again after updating to a newer version because the flaw may be transition to the newer version of Windows. This problem was discovered on Windows 10 that were running older versions than the Fall Creators Update. Hello does have an anti-spoofing feature but apparently it is not supported on many devices.
Microsoft is not alone with this problem. Apple has a similar feature called Face ID and testers were able to bypass the security with photographs and even relatives of the user that it was setup with so for now you might want to stick with passwords or maybe try the fingerprint or iris scan methods since they are harder to fake.