Get your free and exclusive +30-page Authentication Analytics Whitepaper
Back to Overview

Why Windows Hello and Passkeys Will Ditch Your Passwords

Windows Hello & Passkeys: Discover how to replace passwords with passkeys for a seamless Windows user experience.

Blog-Post-Author

Daniel

Created: July 28, 2022

Updated: March 25, 2026

windows-hello-passkeys-replace-passwords

Our mission is to make the Internet a safer place , and the new login standard passkeys provides a superior solution to achieve that. Thats why we want to keep you up to date on the latest developments in the industry.

You love the simple way of unlocking your laptop using Windows Hello? Well, then we have good news for you! Similarly to Apples Face ID and Touch ID, Windows Hello will enable you to experience passkeys on devices running on Microsoft Windows (over 90% of all Windows 10 and all Windows 11 users can use Windows Hello). In a discussion with Corbado, a Microsoft employee working on the passkey initiative added that many users set up Windows Hello during the out-of-the-box experience as part of setting up Windows. Already today, you can ditch passwords to log into your Microsoft account and also use Windows Hello authentication outside of the Microsoft environment. Let's free the world from passwords together.

Key Facts
  • Windows Hello reaches over 90% of Windows 10 users and all Windows 11 users, with many configuring it during the out-of-the-box Windows setup experience.
  • Since 2016, Microsoft requires TPM chips on new devices; over 90% of currently manufactured devices already have the hardware required for passkey support.
  • A Windows Hello PIN is more secure than an online password because it is stored locally on the device and never transmitted to or stored on a server.
  • Passkey syncing through a Microsoft account means users can authenticate from any linked device without separate device registration, enabling seamless cross-device access.
  • Microsoft joined Apple and Google in committing to passkey rollout; Apple launched support on September 19, 2022, with widespread adoption expected shortly after.

1. What is Windows Hello?#

Windows Hello is the name for passwordless authentication options on Windows 10 and 11. Most of the login options are biometric, which means that they use a trait of your body for identity verification. That includes scanning your face or fingerprint using methods similar to Apples Face ID and Touch ID. Windows Hello also allows using a PIN (personal identification number) as an alternative to a password or as a fallback option.

Recent Articles

To use Windows Hello, your device must have a Trusted Platform Module (TPM) chip included on which the cryptocraphic keys are stored. Since 2016, Microsoft requires hardware manufacturers to integrate TPM on newly manufactured devices, so over 90% of currently manifactured devices are already equipped with the required hardware. Moreover, a requirement for Windows 11 is the TPM. Whether your device is equipped with TPM, can be checked here.

Windows Hello provides two login options, either based on biometrics or PIN.

Windows-logo

Windows has introduced passkeys

Join them

2. Windows Hello Biometrics#

In order to use the biometric login options your device must either include a built-in sensor for biometric logins or youll need to connect an external webcam or fingerprint reader. As face recognition works with the help of an additional infrared sensor that recognizes the facial structure via a deep scan, special webcams are required. This serves as an additional security feature as you cannot hold a picture of a face in front of the camera to trick Windows Hello.

3. Windows Hello PIN#

In case that your device does not have biometric sensors, you can still use Windows Hello as long as your deivce contains the TPM (see section above). Even though a PIN can be much shorter and simpler than a complex password, it is more secure. The reason behind is that it is not the structure of a PIN (length, complexity) that makes it more secure than an online password but the way you use and store it.

Your online password is a shared secret which means that there is always a server that keeps track of a copy of your password. This opens space for two attack vectors: the password can be intercepted during transmission or stolen from a server.

A PIN however is stored locally on the device and is neither transmitted to nor stored on the server. An asymmetric key pair is generated and deployed in the TPM of the user device, which protects the private keys against attackers who want to capture and reuse the keys. Thus, user credentials cannot be stolen if the identity provider or the websites the user is accessing have been compromised. The TPM protects against a variety of attacks including brute force attacks on the PIN. After too many failed attempts, the device is locked.

Substack Icon

Subscribe to our Passkeys Substack for the latest news.

Subscribe

4. How do I enable Windows Hello?#

Activating Windows Hello is quite easy. You just need to follow the steps below:

  1. Select Start > Settings > Accounts > Sign-in options
  2. Scroll down to the Windows Hello section and select "Set up" from the face section

Figure 1: Choose the preferred sign-in option

  1. Click "Get started" on the Windows Hello setup dialog
  2. Look at your camera while it captures the 3D view of your face

Figure 2: Set up the face scan

You can also decide whether your device should unlock automatically as soon as you are seen or if turning your head is required.

If you have a device with finerprint reader, you can select this option, too. The process is the same.

5. How do Passkeys work with Windows Hello?#

Unlocking a laptop or desktop with Windows Hello has been around for several years now. The novelty of passkeys is that Windows Hello will be the standard login option on Windows devices when logging into websites and apps. Your passkeys will be synced within your Microsoft account, meaning that you can sign in from any device that is linked to your account without additional device registration.

As part of the FIDO Allicance, Microsoft announced that they will keep up with the increasing demand of users for passkeys and offer passkeys within the upcoming year. By then, it will also be possible to use your passkeys across different platforms, for instance, if you have an iPhone and a Windows laptop.

Even though passkeys are not officially released by Microsoft, you can already get an impression of a the login ceremony either with the Corbado Demo based on the WebAuthn protocol (see below).

Figure 3: Login with Windows Hello in the Corbado Demo

Slack Icon

Become part of our Passkeys Community for updates & support.

Join

6. How to get started with Windows Hello and Passkeys?#

Together with Apple and Google, Microsoft pushes the roll out of passkeys in the upcoming months. Starting with Apple on September 19, 2022, an ever increasing number of users will be able to use passkeys and a widespread adoption is expected pretty soon after.

Corbado provides APIs that cover all cross-platform and cross-device aspects to let you offer passkey login for all your users and transition them smoothly to passkeys. You dont need to worry about security updates or supported platforms and devices. We have you covered. We will help you in your gradual migration from passwords to passkeys.

To stay updated about the new devices, browsers and operating systems that provide full support for passkeys, subscribe to our passkeys Substack or join our passkeys community.

Frequently Asked Questions#

How does Windows Hello PIN compare to a regular password in terms of security?#

A Windows Hello PIN is stored locally on the device and protected by the TPM chip, meaning it is never transmitted to or stored on a server. This eliminates two key attack vectors: interception during transmission and theft from a compromised server. The TPM also locks the device after too many failed PIN attempts, blocking brute force attacks.

What hardware do I need to use Windows Hello for passkey authentication?#

Your device requires a Trusted Platform Module (TPM) chip, which Microsoft has mandated on all newly manufactured hardware since 2016, covering over 90% of current devices. For biometric options you also need a built-in or external fingerprint reader or a special infrared webcam, since standard webcams cannot perform the 3D facial scan Windows Hello requires.

Can Windows Hello be used for passkey authentication on third-party websites and apps, not just Microsoft services?#

Yes. Windows Hello authentication already works outside the Microsoft environment and is planned to become the standard passkey login method on Windows devices for websites and apps broadly. Cross-platform use, such as authenticating between an iPhone and a Windows laptop, is also planned as part of Microsoft's FIDO Alliance commitment.

How do I enable Windows Hello on my Windows device?#

Go to Start, then Settings, then Accounts, then Sign-in options and select Set up under the Windows Hello face or fingerprint section. You will be guided through capturing your face via the infrared camera or enrolling your fingerprint, and the process takes only a few steps. A TPM chip must be present on your device for setup to succeed.

See what's really happening in your passkey rollout.

Start Observing

Share this article

LinkedInTwitterFacebook

Related Articles

apple-passkeys-ios-macos

How Apple Passkeys are Used on iOS and macOS

Daniel - July 14, 2022

complex-passwords-cracked-soon

Why Also Your Most Complex Password Will Be Cracked Soon

Vincent - June 18, 2022

entra passkeys

Microsoft Entra Passkeys: Use Passkeys for Employees

Vincent - January 18, 2024

microsoft-passkeys-best-practices-analysis

Microsoft 365 Passkeys: Analysis of Sign-ups & Logins with Passkeys

Vincent - July 4, 2023

passkeys product managers

Passkey Bible for Product Managers

Robert - May 22, 2023

Enterprise Passkeys

Enterprise Passkeys: Apple, Google & Microsoft's Offerings

Lukas R. - November 9, 2023

Table of Contents