News

Microsoft Spotlights Windows Hello 'Companion Devices'

• By Kurt Mackie
• January 13, 2017

Windows Hello, Microsoft's password-less identification verification system, is being supported by a growing list of Microsoft partners that are building compatible hardware.

Microsoft recently turned the spotlight on partners like Nymi, Yubico, RSA and HID, which have been producing what Microsoft calls Windows Hello "companion devices." These devices provide alternative means for verifying user identities without passwords.

Windows Hello unlocks Windows 10 devices via facial scans, fingerprint scans, swipe patterns and PINs. Windows Hello companion devices, on the other hand, add additional access options. They can work without a camera or fingerprint scanning devices to verify users.

Windows Hello companion devices are enabled through specifications in Microsoft's Windows Hello Companion Device Framework. Companion devices are things like bands, cards or USB devices that permit PC access with just a tap, a wireless transmission (Bluetooth or near-field communications) or by plugging a small device into a port. Some of these devices can support multifactor authentication schemes, too.

One of the companion devices featured by Microsoft's announcement is the Nymi Band. It's worn on the wrist and uses a person's cardiac pattern via Nymi "HeartID" technology to authenticate a user. The user taps a button on the band and their cardiac pattern gets verified, unlocking the Windows 10 PC if the pattern matches the one that was used during the Nymi Band setup phase.

Yubico's YubiKey looks like a thumb drive and plugs into a USB port to provide access to a Windows Hello-enabled PC. The YubiKey uses a verification application, built according to Microsoft's Companion Device Framework, to enable the access, according to a Yubico blog post.

RSA has produced an application, called the "SecureID Access Authenticator," that makes a mobile device work like a Windows Hello companion device. A Windows 10 PC can be unlocked by just having the mobile device next to the PC, according to this RSA video.

HID Global added near-field communications to its iClass Seos cards, allowing cards used for building-door access by employees to also serve as Windows Hello companion devices for unlocking Windows 10 PCs. The user holds the card near a device with a contactless reader to unlock the PC or they can use a separate reader device for the process, according to this HID video.

Microsoft's Windows Hello verification scheme uses the Universal Authentication Framework protocol fostered by the FIDO Alliance, an industry coalition initially formed by PayPal to use biometrics for identification purposes, eliminating the need for passwords. The U2F version of the protocol is the one that supports second-factor FIDO ("Fast ID Online") verification. The verification gets carried out by a service that creates a private key for a device during a registration process, according to a description by the FIDO Alliance.

All told, there were "nearly 100 unique biometric-enabled Windows devices and accessories" on the market during the last year's holiday season, according to Microsoft's announcement. It added that more than 20 partners had joined the effort when Microsoft released the Windows Hello Companion Device Framework at Build 2016, Microsoft's developer event held last spring.