Is it Windows Hello safe?

[xmestessox]

I am a happy owner of Enpas, but I have a question about unlocking with windows hello.

Is it safe to unlock with fingerprint windows hello?
When I unlock the database with my fingerprint, can same keyloggers detect the master password and the key file?

Thank you

[Abhishek Dewan]

Hi @xmestessox

Windows Hello is indeed secure to use. Kindly refer to this link to know more about it.

[paulsiu]

I would like to add a warning about windows hello setup. The link you proviced mentioned that Window Hello uses TPM to securely store key values. On older devices without tpm, that is not the case. When you enable windows hello, you are required to create a pin. If you have a Windows computer without TPM, the PIN value are stored in a secure location. The problem is that many of these machine probably also do not have disk encryption. You can buy an utility to bruteforce your pin.

https://blog.elcomsoft.com/2022/08/windows-hello-no-tpm-no-security/

I believe Enpass smartly forces you to enter the master password on startup if you don't have a TPM, so fortunately hacking the PIN will not allow them into the vault, but it would allow them to acquire the PIN to login.

There are two things you can do to mitigate.

1. Encrypt your drive, which should prevent access to the secure element.

2. Make a really long pin simialar to a good password using letter, numbers, and special characters. Most people don't know that you can use keys other than numbers. If you are using fingerprint, you would not need to enter the pin often.