windows-hello
5 posts tagged windows-hello.
-
"The Vault is Solid. The Delivery Truck is Not." -- Microsoft Recall's Two-Year Re-Architecture from Plaintext SQLite to VBS Enclaves
How Microsoft Recall went from a plaintext SQLite database broken in four weeks to a VBS-Enclave + TPM-sealed + Hello-gated architecture, and what TotalRecall Reloaded still extracts. (Article title borrows Alexander Hagenah's framing, attributed in §8.1.)
-
Fuzzy Extractors and the One Inequality That Explains Why Windows Hello Doesn't Use One
Fuzzy extractors turn noisy biometrics into stable cryptographic keys. A single 2004 inequality explains why Windows Hello deliberately does not use one.
-
WebAuthn and Passkeys on Windows: From CTAP to the Credential Provider Model
The know/have/are taxonomy collapses against modern phishing kits. Passkeys, WebAuthn Level 3, CTAP 2.x, and Windows 11 24H2 third-party providers score against the criteria that actually matter -- and recovery is the load-bearing column.
-
Adminless: How Windows Finally Made Elevation a Security Boundary
Administrator Protection replaces UAC with a system-managed admin account created per elevation, gated by Windows Hello, and destroyed when the job is done.
-
No Secrets to Steal: How Windows Hello Eliminated the Shared Secret
How Windows Hello replaced passwords with TPM-backed biometrics, survived a decade of attacks, and helped make passwordless the default.