When the Windows 10 advertising campaign begins in earnest in a few days, the new operating system will not only have a new face — or, more accurately, a returning part of an old face — but it will also have an eye.
“Users are gonna love it. I know that’s a crazy thing to say,” said Microsoft Corporate Vice President Joe Belfiore during a recent company conference, “but they’re going to love it because this is a security system that’s going to smile and wink at them, take steps away and give them a flexible way to move documents around while protecting their companies’ data.”
“Love” is a word that new CEO Satya Nadella has embedded deeply within the company’s vocabulary. One wonders whether the Pacific Princess logo would have been more appropriate for the new company image than the flag of Shetland Province.
What Belfiore is hoping you’ll love is a biometric feature called “Hello” that looks out at you, and hopes that you’ll smile back at it ... so that Windows can keep borrowing your face as an authentication tool.
I Sometimes See You
The lock screen for logging in to Microsoft Windows has never really been taken seriously by its users. It started out as essentially a convenience feature for locking out co-workers when the user gets up from her cubicle for a cup of coffee. For most of its history, the lock screen could be bypassed.
When it became a “security feature” in Windows XP, the lock screen became the very symbol of Windows’ insecurity. Cracking the password could be done by a five-year-old. (In fact, Vista’s removal of the Microsoft logo from its lock screen may have been to spare the brand from further embarrassment.)
Once Microsoft came to its senses and realized that the world of mobile computing was blowing Windows by, it gambled on remaking Windows’ image to appear more mobile-ish. Every aspect of the operating system needed a makeover, including the lock screen.
Is It Me You’re Looking For?
In an effort to move every Windows user into a Microsoft-owned namespace in a way that Bing never could, Microsoft leveraged the Windows 8 lock screen to advance the Microsoft Account, compelling users to enter their Account name and password to move past the lock screen. Any hope of a “One Windows” vision for all platforms required a way for users to be recognized everywhere. Android accomplished this with Gmail logins, but Windows would not be able to match this feat on the strength of Microsoft’s mail services.
So Windows 8 put the Microsoft Account front and center, in one of those moves I said could make or break the system’s success. Astonishingly, Microsoft’s tying of its Account system to Office and Office 365 was a successful move. Its tying of Account to its renamed and revamped OneDrive service was also a successful move.
It all seemed to be working. But the long-standing legacy of the lock screen’s futility overshadowed any benefit that Account could have brought to Windows 8 users. Inevitably, people found a way to turn it off.
In so doing, users bypassed what was supposed to be a second, more important security feature: limited user access. Demoting the standard user to a less trusted status would have meant that malware attempting to spoof that user would not gain system kernel access.
Promoting every user to administrator status effectively turned that feature off. Today, many consumers who use Windows promote themselves to administrators to avoid being nagged by the lock screen, even if logging in with a Microsoft Account enables Windows to engage single-sign-on.
And in virtual desktops, where a growing number of Windows clients are actually being installed for the workplace, network admins use group policy to drop the lock screen anyway, assuming that the VDI environment will take care of any authentication issues.
Tell Me How to Win Your Heart
“I’ve worked on these devices for years. Every single morning I come in, and it’s asking me to type my name,” related Microsoft Principal Program Manager Nelly Porter at last May’s Ignite conference. “And after that, it’s asking me to insert something that I already lost — my smart card — or type something that I already forgot — my stupid password.
“Only after all of this, it’s finally saying, ‘Oh, thank you! It’s Nelly! Wow!’ Every single time, for years and years to come.”
What Porter made obvious — for some engineers, for the first time — was the fact that distrust as a baseline for security rubs off on the people who are distrusted by default. The fact that systems have no memory of their users takes away from what those users ascribe to be their systems’ personalities.
Porter’s goal with Hello on Windows 10, she said, was to endow Windows with “senses.” The long-term goal is to enable biometric authentication through face identification, fingerprints, and later iris scanning. Biometrics over the years have proven futile in practice, because organizations tend to enable bypasses as alternatives. (“What happens if you cut your finger off?” an executive once asked me.)
What would make Hello work for Windows 10 when face recognition has failed in the past, is its continual use throughout the work session. During the lock screen process, a one-eyed character called “Winkie” will show the user that it’s looking for her face using the PC’s or device’s on-board camera.
Because the system engages the infra-red sensor, Hello receives a picture of the body heat emanated by the user. So someone holding up a picture of the user in front of his face, would not be able to spoof the user.
Whenever the system needs to make certain that the user is present at the time an admin-level request is being made — for example, move a restricted document into a personal folder — Winkie will reappear, indicating that the system is looking for the user’s face again. Winkie’s eye will center itself once the user holds still. Otherwise, nothing interrupts the user — no user access control screen, no reassertion of the password, no warning that implies that the user may be doing something stupid when she’s only trying to do something requiring intelligence.
‘Cause I Haven’t Got a Clue
Up until now, the most powerful and efficient identity mechanism Microsoft has ever created has been Active Directory. In organizations that employ AD, authentication tends to work fairly well.
And that’s a problem, at least for Microsoft. AD has been rooted to organizations’ networks, so when the company tries to bridge the gaps for Windows users between their corporate networks and their personal devices, AD won’t extend far enough. So it’s building what could be a successor to AD, called Azure Active Directory, in its Azure public cloud.
Getting consumers and enterprise users to want to move to yet another authentication platform from Microsoft could very well be impossible. The odds are against the company at this point, thanks to the unprecedented failure of Windows 8 in the market.
Enter Winkie. Microsoft hopes that a simple, blinking eye will spark some sense of personality, helping users to anthropomorphize Windows just a little bit more, perhaps coax them into believing that when Windows makes mistakes... hey, it’s only human.
And when business users allow Hello to see their face so that they may “bypass” the lock screen this time, they’ll actually be registering themselves with Azure Active Directory. At least, that’s the plan today.
“I want you to think about the last time you saw an end user get delighted by a security feature,” said Microsoft’s Joe Belfiore. I go back a ways with Windows — when Microsoft first got the windows to overlap one another, I wrote a headline. And I’d have to answer Joe by saying... well, never, actually. Maybe until now.