Windows 10: Security Researchers found a way to trick Windows Hello authentication, but there is a...

Discussion in 'Windows 10 News' started by GHacks, Aug 8, 2025 at 5:37 AM.

  1. GHacks
    GHacks New Member

    Security Researchers found a way to trick Windows Hello authentication, but there is a...


    Microsoft pushes Windows Hello authentication using biometrics or a PIN in Windows heavily. In fact, it may be quite difficult to set up Windows without setting at least a PIN for Windows Hello authentication. Microsoft claims that Windows Hello offers better protection compared to the traditional password that users use to sign in.

    However, Windows Hello is not without flaws of its own. In 2023, security researchers managed to bypass Windows Hello fingerprint authentication. One year earlier, a bug caused Windows Hello sign-ins to stop working after systems were upgraded to the then-latest version of Windows, version 22H2.

    Two security researchers demonstrated another flaw in Windows Hello at the Black Hat conference in Las Vegas, according to The Register. Dr Baptiste David and Tillmann Osswald from ERNW Research showed how a hacker can crack Windows Hello authentication.

    The research team demonstrated how a hacker could inject biometric data into a Windows PC to unlock the system. They found a flaw in the CryptProtectData database that secures authentication information. The flaw requires administrative access or some other form of elevated access to the system, e.g., via a malware infection.

    How to protect your system against the attack


    The researchers note that Windows PC users have two options to protect their devices against this specific attack.

    • Windows Hello Enhanced Sign-In Security (ESS): if ESS is enabled, the hack is not possible. It is activated by default, provided that the PC meets all the requirements.
    • PIN instead of biometrics: Switching to a PIN instead of using biometrics is another option, according to the researchers.

    Enhanced Sign-In Security protects the face algorithm using VBS. This isolates it from the rest of Windows. System requirements include meeting all requirements for Virtualization-based Security, TPM 2.0, device firmware with Secure Devices ACPI table, and biometric sensor hardware and drivers that support / are compatible with ESS.

    Not all systems support ESS as a consequence. The researchers told The Register that they purchased ThinkPads less than two years ago and that they did not support ESS as "they do not have a secure sensor for the camera because they use AMD chips and not Intel's".

    The issue is going to be difficult to fix, according to the researchers. It would require a "significant code rewrite" or other change, such as using TPM to store the biometric data.

    Now You: how do you sign in to your Windows systems? Do you use a password or Windows Hello? Feel free to leave a comment down below.

    Thank you for being a Ghacks reader. The post Security Researchers found a way to trick Windows Hello authentication, but there is a simple fix appeared first on gHacks Technology News.

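The ESS prerequisites named in the article above (VBS, TPM 2.0, ESS itself) can be checked read-only from an elevated PowerShell session. This is an added example, not part of the original post or of Microsoft's tooling; the function names are hypothetical, and the `SecureBiometrics` registry path is an assumption to verify against Microsoft's ESS documentation. It does not check the Secure Devices ACPI table or sensor and driver compatibility.

```powershell
# Added example: read-only report on the ESS prerequisites listed in the article.
# Nothing is modified; run elevated so the TPM WMI class is readable.

function Get-VbsState {
    # Win32_DeviceGuard: 0 = not enabled, 1 = enabled but not running, 2 = running
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return 'Unknown (DeviceGuard WMI class unavailable)' }
    switch ($dg.VirtualizationBasedSecurityStatus) {
        2       { 'Running' }
        1       { 'Enabled, not running' }
        default { 'Not enabled' }
    }
}

function Test-Tpm20 {
    # SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the TPM family
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm -or -not $tpm.SpecVersion) { return $false }
    return (($tpm.SpecVersion -split ',')[0].Trim() -eq '2.0')
}

function Get-EssRegistryState {
    # ASSUMPTION: key path and value name; confirm against Microsoft's ESS documentation
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SecureBiometrics'
    $val  = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $val) { 'Not configured' }
    elseif ($val -eq 1) { 'Enabled' }
    else                { 'Disabled' }
}

$report = [pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    VbsState     = Get-VbsState
    Tpm20Present = Test-Tpm20
    EssRegistry  = Get-EssRegistryState
}
$report | Format-List

# Flag machines where the first mitigation from the article is not in place
if ($report.VbsState -ne 'Running' -or -not $report.Tpm20Present -or
    $report.EssRegistry -ne 'Enabled') {
    Write-Warning ('ESS prerequisites are not all met on this machine. The other ' +
                   'option the researchers name is a PIN instead of biometrics.')
}
```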
     
  2. VIC
    Vic Win User

    Windows 7 virtual wifi authentication mode

    Hello.

    Just a quick question to whoever is using windows 7 virtual wifi capability - when you type in "netsh wlan show hostednetwork", cmd window displays a list of settings for your hosted virtual wifi.

    I was wondering, is there a way to change authentication method from WPA2-Personal to simple WEP ?

    Cheers.
     
  3. Security Key and Authenticator

    Hello Andrea,

    To address the issue with your Microsoft account sign-in process where it prompts for the authenticator code instead of the security key, you may need to check your sign-in options in your account settings. Ensure that your security key is set as the preferred method. If the problem persists, you could also try these options.

    1. Check Security Key Configuration:
      • Make sure that your security key is properly set up and registered with your Microsoft account.
      • Verify that the security key is correctly inserted into a USB port on your computer.
    2. Device Compatibility:
      • Ensure that your security key is compatible with your device. Some older devices or operating systems might not fully support security keys.
    3. Microsoft Authenticator Settings:
      • Open the Microsoft Authenticator app on your mobile device.
      • Check if you have any other accounts (e.g., personal Microsoft account, work/school account) added to the app.
      • If you see your Microsoft account listed, try removing it from the Authenticator app and then re-adding it.
    4. Fallback Options:
      • If you encounter issues with the security key, consider using a temporary workaround:
        • Sign in with your username and password.
        • Use a time-based one-time password (TOTP) generated by the Authenticator app for two-factor authentication.
    5. Notifications and Updates:
      • Ensure that notifications are enabled for the Authenticator app:
        • Go to Settings > Notification Settings and make sure Show notifications is turned on.
      • Keep the Authenticator app updated to the latest version:
        • Go to Settings > App updates and ensure it’s turned on.
    6. Device Lock Screen:
      • Make sure your device requires a PIN or biometric (e.g., fingerprint, face recognition) to unlock. This ensures better security.
      • Re-enable face ID or fingerprint unlock if necessary.
    7. Retry and Intermittent Errors:
      • Sometimes errors are intermittent. If you faced a problem previously, retry your sign-in to see if the issue persists.
    Remember that using a security key provides an additional layer of security, and it’s essential to ensure its proper configuration.

    Hope this helps,

    Fathia A
     
    Fathia Abukar, Aug 8, 2025 at 5:38 AM
    #3
  4. Brink Win User

    Security Researchers found a way to trick Windows Hello authentication, but there is a...

    Windows Hello & FIDO2 Security Keys authentication for shared devices


    Source: Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices - Windows For Your Business
     