Microsoft Could Bring Windows Hello to Android, iPhone

Posted on October 1, 2016 by Paul Thurrott in Android, iOS, Microsoft-Band, Mobile, Windows 10, Windows Phones with 13 Comments

With Windows 10 version 1607, Microsoft has expanded the Windows Hello authentication technologies to include support for companion devices. That we knew. But those companion devices, surprisingly, will include both Android and iPhone handsets.

The question is whether those solutions will ever be made available to consumers.

News of this interesting development comes via IDG News, which curiously just mentions the iPhone half of the story. But it’s based, of course, on an Ignite 2016 session called “Expand Windows Hello Family to companion devices and browser.” I was tipped off to this story by reader Bob Berardino. So thanks for that.

“When you think about a user and the kind of devices they carry with them,” Microsoft senior program manager lead Anoosh Saboori said during the session, “they normally have the phone in their pocket, they [might] have some kind of wearable on their arm, some of them might have the security fobs given to them by their company, and many of us carry a badge with us that is used to gain access to different physical locations. We wanted to leverage these devices as a way to knowing the user.”


Obviously, the phone is the best device to use, because more people have this device with them at all times compared to the other device types. It can be used as a PIN or biometric replacement, where the credentials are still stored on the PC. Or it can store the credentials right on the phone, where both the credentials and the second security factor are mobile; in this case, you could sign in to any PC in your company’s offices. (Other device types, like fitness bands, may only be able to handle the first of those two scenarios, depending on the device.)

Saboori’s talk focused only on businesses—in fact, he referred to “Windows Hello for business” many times—but there’s no reason that the first of the two scenarios noted above couldn’t work on consumer PCs. In fact, I wouldn’t be surprised if the Microsoft Authenticator app became the conduit for this activity. But during the Q&A, he noted that an RSA demo he did earlier in the talk “was an iPhone solution,” which I suspect is what inspired the IDG story to focus on iPhone.

“There are other solutions coming for iPhone too,” he said, “more than one, but that [the RSA solution] is the closest one to shipping.” IDG should have kept listening, as Saboori later said that Android solutions were coming from partners too. But in both cases, I think he was referring only to business solutions.

Looking to the future, Saboori also noted that Windows Hello would someday be extended so that the PC will automatically lock when the companion device that unlocked it moves too far away from the PC.


1 Comment
  1. 0 | Reply
    chrisrut Alpha Member #193 - 3 months ago

    I've been postulating the use of companion devices as the second (and perhaps most important) factor in authentication for a long time. Particularly nice with "proximity" authentication - just get near a resource and it can recognize you (or not) - and if you meet its requirements - provide access to the resource. They can also host the working (or master) instance of one's profile.

    It seems obvious to me that eliminating the use of passwords entirely is a desirable goal. Passwords can be hacked, copied, stolen, etc. Thus stealing or otherwise obtaining passwords is far and away the major goal of hackers - get the passwords - own the accounts. Tying access to a physical device - deprecating the value of the passwords - can break the back of these attacks. A real game changer for security.