Using Windows Hello to Add Security

Signing in to Windows 10 on a Surface Pro tablet using Windows Hello, a face recognition feature that allows users to log in by scanning their faces.

Authentication is a tricky thing for businesses. While people want to be secure, they also want to make that security as convenient as possible. Developments involving solutions like Windows Hello, a biometrics authentication system used by Microsoft, have been pushing this trend forward. Let’s take a look at Windows Hello and see what kinds of authentication features it brings to the table.

What is Windows Hello, Anyway?

Simply put, Windows Hello is an authentication technology that Windows users can utilize to prove their identities. This is done through the use of biometrics rather than a password. The key feature here is that Hello is designed to be more user-friendly than passwords without putting security on the line. Biometric technology uses proof of a physical attribute (something you are) and compares it to a previously stored record. So, you scan your face, fingerprint, or iris, and if it matches the saved record closely enough, you are granted access to the device.

How It Works

Passwords have long been considered the standard for computer security, but they have many flaws that need to be taken into consideration. Of course, we would never say that you should ditch passwords entirely; all we are saying is that there are a lot of best practices to think about regarding passwords. For example, if a user has over 100 passwords, each of them must be complex and follow established best practices, which is a lot for the average user to manage when it is so easy to just reuse the same old one multiple times. Insecure decisions like that lead to poor security.

Windows Hello aims to make security easy through the use of biometrics. It even has a built-in anti-spoofing technology that can keep hackers from tricking the system into admitting them.

Does Windows Hello Belong in Businesses?

If you choose to implement Windows Hello in the workplace, we recommend that you supplement it with other security precautions and features. Microsoft has suggested that this feature will carry over to Windows 11, and password access will be reinforced by other built-in protections.

If you need assistance with implementing a comprehensive security strategy for your organization, 4Corner IT can help. We have the tools you need to keep your network safe. To learn more, reach out to us at (954) 474-2204.

Best Password Practices from NIST

Closeup of a password box in an internet browser.

When a hacker tries to access one of your accounts, the first challenge they must overcome is the password. This is why industry professionals always encourage you to create them with security in mind. The latest guidelines issued by the National Institute of Standards and Technology, or NIST, are not quite conventional or traditional. However, they do give valuable insights into how to create more secure passwords.

What is the NIST?

NIST is the authority on all things password creation, and it is no stranger to issuing best practices. While these practices do shift over time, an unfortunate side effect of threats adapting to security standards, its advice is trusted and should absolutely be considered by all. Please see below for the recent update on password best practices.

The New Guidelines

Many organizations and Federal agencies have adopted these guidelines. Here are the latest steps to take when building a secure password.

Length Over Complexity

Most security professionals have advocated for password complexity over the past several years, but the guidelines issued by NIST disagree. NIST suggests that the longer the password, the harder it is to crack. They even go so far as to say that complexity requirements (numbers, symbols, and upper- and lower-case letters) can make passwords even less secure.

The reasoning for this is that users might make passwords too complicated, forget them entirely, and then, when it comes time to replace the password, simply add a “1” or an exclamation point at the end. This makes the new password easy to predict should the original be stolen. Users might also be tempted to use the same password for multiple accounts, which is a whole other issue that certainly does not aid security.

No More Password Resets

Many organizations require their staff to periodically change their passwords, typically every month or every few months. The idea is to preemptively change passwords on the off chance that the old ones have been compromised: a hacker who tries to reuse a stolen password would then be locked out of the account, as the password has since been changed. While this has been an accepted best practice for some time, NIST recommends that it be set aside, as it is actually counterproductive to account security.

The reasoning behind this determination is that people will not be as careful with the password creation process if they are always making new ones. Plus, when people do change their passwords, they tend to follow the same pattern so they can remember them. This means that passwords could be compromised even after they have been changed, as a hacker could recognize the pattern and use it against the user.

Make Passwords Easy to Use

Some network administrators worry that the removal of certain quality-of-life features such as showing a password while the user types it, or allowing for copy/paste, will make the password more likely to be compromised. The truth is the opposite. Ease of use does not compromise security. People are more likely to stick to established password protocol if you make it easier for them to do so.

Don’t Give Out Password Hints

At the same time, you don’t want to make things too easy for your employees, either. One way that administrators help out employees who easily forget passwords is by providing password hints. The system itself is flawed, especially in today’s society of oversharing information across social media and the Internet in general. If Sally bases her password on the name of her dog, for example, a hacker might be able to find that information on her social media page and then try variations of that name until the password is cracked. So, in the interest of network security, it’s better to just forgo these hints. There are other ways to make your password system easier to deal with that don’t compromise security.

Limit Password Attempts

When you place a limit on password attempts for your business, what you are essentially doing is giving hackers only a limited number of chances to get lucky. NIST suggests that most employees will fall into one of two categories when it comes to remembering passwords: either they will remember it, or they will keep it stored somewhere (hopefully in a password management system). If an employee does one or the other, a limit on password attempts will not necessarily affect them. However, it will make all the difference against security threats.
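The length-over-complexity, blocklist and attempt-limit rules described above, as an added example that is not part of the original post: a small verifier in the style of NIST SP 800-63B. The thresholds (at least 8 characters, at least 64 allowed, no more than 100 consecutive failed attempts) follow SP 800-63B; the blocklist and test accounts are constructed for illustration.

```python
import unicodedata
from collections import defaultdict

# Constructed sample blocklist. A real deployment would load breached-password
# corpora and context-specific words (company name, product name) instead.
BLOCKLIST = {"password", "password1", "letmein", "qwerty123", "welcome1"}

MIN_LEN = 8        # SP 800-63B minimum for user-chosen memorized secrets
MAX_LEN = 64       # SP 800-63B: verifiers should allow at least 64 characters
MAX_FAILED = 100   # SP 800-63B: no more than 100 failed attempts per account


def check_password(candidate: str, username: str = "", blocklist=BLOCKLIST):
    """Return (accepted, reason). No composition rules: a long passphrase of
    plain words is accepted; spaces inside the secret are preserved."""
    pw = unicodedata.normalize("NFKC", candidate)   # stable Unicode form
    if len(pw) < MIN_LEN:
        return False, "too short"
    if len(pw) > MAX_LEN:
        return False, "too long"
    low = pw.lower()
    if low in blocklist or (username and username.lower() in low):
        return False, "blocklisted or contains username"
    # Reject purely repetitive ("aaaaaaaa") or sequential ("12345678",
    # "abcdefgh") strings, which SP 800-63B also lists as blocklist material.
    diffs = {ord(b) - ord(a) for a, b in zip(low, low[1:])}
    if diffs <= {0} or diffs <= {1} or diffs <= {-1}:
        return False, "repetitive or sequential"
    return True, "ok"


class AttemptLimiter:
    """Per-account consecutive-failure counter; blocks further attempts
    once the limit is reached, and resets on a successful login."""

    def __init__(self, limit: int = MAX_FAILED):
        self.limit = limit
        self.failures = defaultdict(int)

    def allowed(self, account: str) -> bool:
        return self.failures[account] < self.limit

    def record(self, account: str, success: bool) -> None:
        if success:
            self.failures[account] = 0
        else:
            self.failures[account] += 1
```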

Implement Multi-Factor Authentication

We recommend that your business implement multi-factor authentication or two-factor authentication whenever possible. NIST recommends that users demonstrate at least two of the following methods of authentication before they can access an account:

  1. “Something you know” (like a password)
  2. “Something you have” (like a mobile device)
  3. “Something you are” (like a face or a fingerprint)

If two of the above are met, there is sufficient evidence to suggest that the user is supposed to be accessing that account. Consider how much more difficult this makes things for a hacker. Even if they have the password, it is unlikely that they also have physical access to the user’s mobile device, face, or fingerprint.

Make password security a priority for your organization now. That way you don’t have to worry about data breaches later on down the road. WheelHouse IT can help you set up a password manager that makes adhering to these best practices easier. To learn more, reach out to us at (877) 771-2384.
