Windows Hello and privacy: FAQ

Show all

What is Windows Hello?

Windows Hello, part of Windows 10, is a new way to sign in to your devices, apps, online services, and networks. Windows Hello works with a credential technology called Microsoft Passport that’s easier, more convenient, and more secure than using a password, because it uses "biometric authentication"—you sign in with your face, iris, or fingerprint (or a PIN). Devices with face sensors or fingerprint readers running Windows 10 will work with Windows Hello now, and iris sensors will be available soon.

Go to Start Start icon, then select Settings > Accounts > Sign-in options to set up Windows Hello. In addition to selecting a sign-in method, you’ll also set up a PIN as a backup.

Do I have to use Windows Hello to sign in to Windows 10?

No. If you don't use Windows Hello, you can sign in using a password or a PIN. If you decide to use Windows Hello and change your mind later, you can turn it off in Settings.

What data is used to identify me and how is that data stored?

During setup, Windows takes the data captured from the face or iris sensor or fingerprint reader and creates a representation that it encrypts and stores on your device. (This isn’t an image; it’s more like a graph.) The representation of you stays on your device. Windows never stores pictures or images of your face, iris, or fingerprint on your device or anywhere else.

Once I've completed the setup process, can I change the information used to recognize me?

Yes. You can change how you want to sign in via Settings. If your appearance changes dramatically, you can re-enroll. The system will recognize past and current enrollments, for example you with or without a beard, glasses, or heavy makeup. Go to Start Start icon, then select Settings > Accounts > Sign-in options to re-enroll.

Does any of the data Windows Hello collects ever leave my device, and if so, how is it transmitted?

Your identification data—the representation of your face, iris, or fingerprint that's created when you enroll—never leaves your device. To help us keep things working properly, to help detect and prevent fraud, and to continue to make improvements, Microsoft collects usage data such as which method you used to sign in (face, iris, fingerprint, or PIN), the number of times you signed in, and whether or not each sign in was successful. This data is stripped of any information that could be used to specifically identify you, and it's encrypted before it's transmitted to Microsoft.

Can you recreate my face, iris, or fingerprint from the data that Windows Hello collects?

No. The identification data collected to sign you in isn’t an actual image. It’s a representation based on the unique qualities of your face, fingerprint, or iris (more like a graph than an image). This data can’t be used to recreate an image of your face, fingerprint, or iris.

Can I delete my Windows Hello identification data?

Yes. You can delete identification data in Settings. If you have enrolled more than once (for example, with and without glasses), deleting your identification data deletes every enrollment.

Do third parties have access to my Windows Hello identification data?

No, third parties don’t have access to your Windows Hello identification data.

Learn more about Windows and privacy