Question Will adding a camera for Windows Hello make my PC less secure?


Jul 16, 2017
Happy Holidays!

In the past I tried some Lenovo laptops and I liked the face recognition login method. I am considering to buy a webcam to use Windows Hello on my desktop PC.
Besides logging in, what else can Windows Hello do? On the iPad, I could use the built-in camera to login to the device and as a substitute method to login to websites that require a password.
It seems that MS allows this few years ago. Does it work well? Will it make my PC less secure if I enable such feature?


In grand scheme of things, adding a webcam doesn't matter.

Almost all attacks against the PC come from the internet (either malware or direct attack) and here, webcam doesn't matter. Well, unless hacker likes to use your webcam to record everything the webcam sees, for possible future ransom attacks. So, in digital sense, having a webcam makes it worse.

On physical sense, and using face recognition, it only gives low level of security, whereby when PC doesn't see your mug (face), but instead someone else (e.g family/friends), they can't log in. So, in that sense, it does offer "some" protection. But any proper physical attack doesn't care about the face recognition protection and there are easy ways around this.

For example; have you tried to use picture of your mug (e.g on your phone), to see if software unlocks the PC?
Also, have you thought about what do you do, when that protection software throws an error and is incapable of unlocking the PC, despite seeing the correct mug? E.g different lighting conditions, different hairstyle etc.

All-in-all, i, personally don't think face recognition protection is worth it. Besides, you'd be giving your face to Micro$oft, whereby they can put your face to your digital data they have on you. <- That is quite substantial security risk.

The tried, tested and proven to work method of using username and password is best protection. Get a strong password and you're good. Or in other words, if it ain't broke - don't fix it. (By replacing solid cybersecurity method with something convenient and "fancy".)