question

HyoilLee-2101 avatar image
HyoilLee-2101 asked ·

How to dectect changes of windows hello PIN, fingerprint or face.

I would like to know how to detect changes of windows hello after enrolling a user with windows hello.

For example,
User A is activated windows hello and register PIN with "1234".
User A enrolls in the service with windows hello.
Someday, User A change the PIN or register new fingerprint in windows Hello.
User A try to authenticate with new PIN or fingerprint for using the service.

I would like to know there is any changes of windows hello between enrollment and authentication.

windows-uwp
3 comments
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello, is this the problem you encountered during the development of UWP applications? The UWP application can request the system to perform fingerprint or Windows Hello verification and obtain the verification result. But it is impossible to know whether the user has changed the biometric information.

0 Votes 0 · ·
HyoilLee-2101 avatar image HyoilLee-2101 RichardZhang-MSFT ·

II am using the WebAuthn API(https://github.com/microsoft/webauthn/blob/master/webauthn.h) with windows hello.

Do you have any plan to support that feature for security ?

It is little bit different, but android provides similar feature.

  • https://developer.android.com/training/articles/keystore ------------------------------------------------------------------------------------------------------------------------------------
    User authentication authorizes a specific cryptographic operation associated with one key. In this mode, each operation involving such a key must be individually authorized by the user. Currently, the only means of such authorization is fingerprint authentication: FingerprintManager.authenticate. Such keys can only be generated or imported if at least one fingerprint is enrolled (see FingerprintManager.hasEnrolledFingerprints). These keys become permanently invalidated once a new fingerprint is enrolled or all fingerprints are unenrolled.




0 Votes 0 · ·

This seems to be the content of Web Authentication, and according to the description, the API is win32API and may not be suitable for UWP applications. Currently Microsoft Q&A is still in the preview stage, the content of WebAuthentication is not supported, you can get a more professional answer at MSDN

0 Votes 0 · ·

0 Answers