Why Windows Hello doesn’t work for all organizations
Fred O'Connor | August 13, 2019
After becoming the preferred way for consumers to access smartphones, passwordless authentication using biometrics is appearing in enterprises. Microsoft is validating passwordless authentication with its Windows Hello biometrics technology.
In July, Microsoft showed that biometrics are poised to replace passwords after announcing that the next major Windows 10 release will give people the option of using Windows Hello instead of a password to access Microsoft accounts. Microsoft is also replacing passwords with biometrics for employee access this year and expects other companies to follow suit within six years.
Judging from our talks with customers, they’re interested in Windows Hello and going passwordless. Security and IT professionals want an authentication method that’s more secure than passwords while people who handle digital experiences want a more convenient way for employees to authenticate.
Why Windows Hello doesn’t work for all enterprises
Our customer conversations also reveal that using only Windows Hello for passwordless authentication isn’t an option for every company, especially ones with complex IT environments. While many businesses use Windows 10 and some have invested in the hardware to support Windows Hello, most don’t exclusively use Microsoft products. Even in companies that primarily use Microsoft products, not every employee has the latest OS and hardware. Based on our customers’ feedback, here’s why Windows Hello doesn’t work for every organization.
Windows 7 isn’t dead yet: Windows Hello only works with Windows 10. However, out of all the PCs operating Windows, 36 percent of them still run Windows 7. And while Microsoft is ending Windows 7 support in January 2020, companies that want to continue using the OS instead of upgrading to Windows 10 can buy Extended Security Updates. Meanwhile, organizations that are heavy Windows 7 users may try to negotiate a custom support deal with Microsoft. The U.K.’s National Health Service, which runs Windows 7 on just over 1 million computers, could be pursuing this option. In other words, some organizations will likely continue to use Windows 7 for some time, preventing them from using Windows Hello.
Got hardware: Using Windows Hello requires a computer with a fingerprint scanner, iris reader or near infrared 3D camera. Companies, however, may lack the budget or will to invest in PCs or peripherals that support Windows Hello.
Not everyone is a PC: Some employees are team Apple and would never trade their MacBook for a Windows machine. But Windows Hello doesn’t work with Macs so the Face ID and Touch ID crowd can’t use it.
Employees use non-Microsoft apps too: Windows Hello authenticates into some non-Microsoft apps. But that list lacks ones commonly used in enterprises, like Salesforce, Citrix and G Suite. Microsoft said more Windows Hello compatible apps are coming, but this doesn’t help companies that want robust passwordless authentication immediately.
Edge isn’t the only browser on the market: If you want to use Windows Hello, fire up Microsoft’s Edge browser. It’s the only one that works with Windows Hello for authenticating into a Microsoft account. Sorry, anyone who uses Chrome, Firefox, Safari or another browser.
VeridiumID: A hybrid approach to passwordless authentication
Many organizations want a hybrid approach to passwordless authentication that accommodates different OSes, browsers and hardware. VeridiumID complements Windows Hello and lets enterprises with diverse IT ecosystems adopt passwordless authentication.
The VeridiumID passwordless authentication platform:
- Works with many OSes, including Windows 10, Windows 7, older versions of Windows and macOS.
- Requires no hardware beyond a smartphone or webcam.
- Allows employee authentication into non-Microsoft apps including Salesforce, G Suite and Citrix. VeridiumID can also be used for consumer and transaction authentication.
- Uses a smartphone for employee authentication into devices like a personal computer, supporting the BYOD movement.
- Enables out-of-band authentication by using a smartphone as a possession factor in the authentication process. Using GPS-based location from a smartphone offers a more secure authentication process compared to IP-based location from a laptop.
- Supports Chrome, Firefox, Safari and other browsers in addition to Edge.
With VeridiumID, organizations that have invested in Windows 10 and the hardware and software for Windows Hello can continue to use that technology while allowing passwordless authentication for employees who run older versions of Windows or don’t use Microsoft products.