
Security researchers fooled Windows Hello face identification with this crayon-colored printed photo. YouTube/SySS Pentest TV

  • Using your face as a password seems like an ideal situation. You can’t forget it, and others can’t easily steal it. 
  • But it turns out, Microsoft’s face-authentication software for some older versions of Windows 10 can be fooled rather easily with a modified photo.
  • The good news is that the latest versions of Windows 10 have fixed the flaw.

German security researchers at SySS have published a series of videos showing how they tricked Windows 10’s face authentication, known as Windows Hello, with a photo.

They tested the attack with a Dell Latitude and a Microsoft Surface Pro, and found that over a half dozen versions of Windows 10 could be tricked. They posted their findings to Full Disclosure, a site where researchers publish the holes they find, where it was first spotted by The Register’s Richard Chirgwin.

As is typical with these types of things, there are caveats. The biggest is that if you are using the latest version of Windows, the “Fall Creators Update” (aka versions 1703 or 1709), you may be safe. Those versions fixed the flaw — but you have to set up Windows Hello from scratch. Windows Hello has a feature called “anti-spoofing,” and that feature must be turned on as well.

Another caveat is that the photo had to be modified to look like it was a scan by a near-infrared camera. Windows Hello uses near-infrared cameras to unlock devices because they work well in low light and most photographs are not taken with such cameras. In one test, they printed the photo using a printer and then colored it with a red crayon.

The lesson here is that face identification, although promising, is still far from totally foolproof, and your best bet is to make sure you always keep all your devices updated.

Microsoft could not be immediately reached for comment.
