Can an identical twin break Windows Hello?
Do you have an evil twin who wants to access all your emails and personal information? Even if they’re of the identical variety, it seems your secrets are safe with Windows 10 as the software’s biometric facial recognition managed to prevent attacks from six pairs of identical twins.
The Australian managed to track down the twins, and set them up with accounts on a Lenovo Thinkpad Yoga 14. One twin would register an account, and then the other would try to unlock it.
The RealSense camera uses photographic analysis, heat detection and depth detection to see who is sitting in front of the computer. This makes it a bit more reliable than mobile phone solutions. Selecting ‘face unlock’ on Android phones in the past has made me worry about security, and Google has had to add in a ‘blink check’ after the technology was fooled by photographs.
The heat sensor means Windows Hello is not open to this kind of manipulation, and the results were impressive. “In the end, there were some cases of Windows Hello taking its time to identify a twin, but no case of it wrongly granting access. That’s a win for Intel and Microsoft,” wrote Chris Griffen.
Microsoft claims that the false acceptance rate for its facial recognition is less than one in 100,000. If even identical twins can’t beat the system, then it looks like hackers will need more than clever make-up to fool Windows 10.
Of course, not all computers support it so, if you don’t have a camera that’s up to the challenge, you’re stuck with passwords. Just make sure you pick a good one to keep hackers – or evil twins – at bay.