How to enable and use Windows Hello?


What is Windows Hello?

Windows Hello is a biometric authentication solution available in recent Windows 10 and 11 versions. Hello enables users to sign in to a device via fingerprint, facial recognition, iris scan, or PIN number. Windows Hello configurations are local to a specific device and do not affect the user experience on other devices. Local or AD users can always choose to sign in to a device with a username and password in place of biometrics, if desired.

For AD users, AD credentials are cached encrypted on the system. When the computer is unlocked with biometrics, the AD credentials are automatically used to access domain resources like the S and U drives.

Windows Hello in a domain environment is sometimes referred to as Hello in convenience mode. For more information, see

What is Windows Hello for Business?

Windows Hello for Business is a Microsoft solution for password-less authentication across an organization. When a device is successfully unlocked through biometrics, a certificate is sent to backend servers to authenticate the user. This is not currently enabled for U of I.

Hello and Hello for Business are different implementations of biometric authentication. Hello for Business requires specific infrastructure and AD options to be in place in order to work properly. OIT does not support Hello for Business at this time, if enabled it may not function as expected.

For further reference:

Is Hello or Hello for Business allowed?

Windows Hello is allowed by  OIT on capable Windows devices. If Windows Hello for Business is enabled for UI at a later date, simple Windows Hello may be disallowed with little notice.

Current OIT Standards for Passwords support use of Windows Hello


How to enable Hello for users?

At the present time, users who wish to enable and configure Windows Hello must install an application from Software Center. This step will no longer be necessary in the near future.

From the Windows 11 device on which you wish to use Windows Hello:

  • From the start menu, locate "Sign-in Options" and click on it
    • Uploaded Image (Thumbnail)
  • Select the sign in option you wish to configure
    • This guide will be for setting a fingerprint and PIN, but if your device is capable, you can also use facial recognition
    • Uploaded Image (Thumbnail)
    • Click on the "Get started button in the Windows Hello setup window
      • Uploaded Image (Thumbnail)
    • Follow the guide in the Windows Hello setup window to add fingerprints
      • Uploaded Image (Thumbnail)
      • Uploaded Image (Thumbnail)
      • You may add additional fingerprints
    • You will be required to create a PIN, click on the Set up a PIN" button
      • Uploaded Image (Thumbnail)
      • Click on the "OK" button
      • Uploaded Image (Thumbnail)
      • Use your University of Idaho account to sign in
      • Uploaded Image (Thumbnail)
      • Enter and confirm your new PIN - this PIN is unique for this device
      • Uploaded Image (Thumbnail)
      • Windows will require a PIN that confirms to the requirements below
      • Uploaded Image (Thumbnail)
      • Uploaded Image (Thumbnail)Uploaded Image (Thumbnail)
  • Sign out of your device, and test signing in with your biometrics (fingerprint or face) or PIN

Is a Hello PIN secure?

A PIN must be created when enabling Hello biometric login. The PIN helps ensure the user can still access the computer if the biometric hardware fails or if the user encounters a limitation that makes biometrics impossible, such as an injury.

Security controls surrounding the PIN on a device include:

  • A PIN number must be at least 6 digits long
  • A PIN only grants access to a specific hardware device. Other devices cannot be accessed, unless the user reuses the same PIN across Hello-enabled devices.
  • A PIN does not grant access to online resources, like MyUI or Office 365.
  • A PIN is protected against brute force attacks through increasing PIN lockout delays

For further reference:

It is highly recommended that the PIN is only used as a backup for a biometric-based logon.


Known Issues and Considerations

Please note that Hello has not been widely tested. Other issues may exist that have yet to be discovered, and this allowance may be removed at a future date.




Print Article


Article ID: 1217
Fri 12/7/18 12:13 PM
Tue 6/18/24 9:12 AM