SOUPS 2022 - Exploring User Authentication with Windows Hello in a Small Business Environment
Florian M. Farke, Leona Lassak, and Jannis Pinter, Ruhr University Bochum; Markus Dürmuth, Leibniz University Hannover
Windows Hello for Business is Microsoft's latest attempt to replace passwords in Windows enterprise environments introduced with Windows 10. It addresses some of the common password problems like password leaks or phishing attacks, comes with built-in support for biometric authentication methods like fingerprint or facial recognition, and a new user interface. We conducted a qualitative study with 13 employees accompanying the introduction of Windows Hello in a small business studying its usability and deployability. Over five weeks, we measured authentication times, let participants rate their user experience, and conducted interviews at the end. In general, participants liked Windows Hello and found it more usable than the traditional Windows sign-in scheme. Windows Hello was faster and perceived as more responsive than the traditional Windows login. However, participants tended to use PINs as a replacement for their (longer) passwords instead of using biometrics. Lack of hardware support (no biometric hardware available), the form factor of device or setup of their workplace (e.g., biometric hardware on the other side of the table) were some reasons to not use biometrics but stick with a well-known authentication method like a PIN.
View the full SOUPS 2022 program at https://www.usenix.org/conference/soups2022/technical-sessions