Passwords aren’t the perfect authentication method. People often share them, forget them, or use simple passwords that are easy to guess. That’s why many companies are pushing for biometric authentication by adding iris scanners, facial recognition features, and fingerprint sensors to their products. Microsoft joined their ranks with the new Modern Keyboard with Fingerprint ID, which features a “hidden” fingerprint scanner.
That scanner is housed inside a key with a fingerprint icon. Microsoft published a video demonstrating its use in which a woman named Miranda signs on to her Windows 10 device by pressing the key with her index finger. Windows Hello–an authentication tool that supports facial recognition and device pairing as well as fingerprint scanning–handles everything on the software side. The whole process is supposed to be quick and easy.
Microsoft said on Windows Hello’s page that the feature can sign you into a Windows 10 device in less than two seconds. That’s 3x faster than if you had to enter a password, the company said, but the real draw is the added security. The page opens with “Windows Hello: They can guess your password–not your face.” (We’re going to assume the company also stands by the security of Windows Hello’s fingerprint support.)
That is marginally true–it’s often harder for someone to mimic your body than it would be for them to guess your password. But like other companies offering biometric authentication, Microsoft has effectively glossed over the real security and privacy problems associated with them.
The first problem: Your body can be spoofed. Authentication tools have been tricked by high resolution images of eyes and faces before, and someone can replicate your fingerprint, too. The rise of social media has made it easy for someone to get those high resolution images; your own selfies could be used against you. You probably won’t unintentionally share a password the same way you share biometric data.
The second problem: Your body can be used against you. Several U.S. courts have ruled that law enforcement officials can force you to sign in to a device if you use biometric authentication. (And that’s ignoring other, more painful and gruesome ways your body parts can be used to log in against your will.) That isn’t true of passwords. And even if it were, it’s easier to protect an idea than it is to stop someone from forcing your finger onto a scanner.
This isn’t a black and white issue. Biometric authentication makes sense for people who don’t have to worry about law enforcement forcing them to unlock their devices. Passwords make sense for people who do worry about those things, or who simply want to make sure they can still post pictures of themselves to social media without inadvertently compromising their security. Everyone has to account for their own personal needs.
Windows Hello is going to be around either way. The Modern Keyboard doesn’t change that–it merely gives people another way to use the feature. Before, you had to purchase a webcam or fingerprint sensor to use the feature (unless you have a laptop, many of which have those features built-in). Not that those are hard to come by; Microsoft said in January that “nearly 100” biometric devices work with Windows Hello.
Those products were more obtrusive than the Modern Keyboard, though, because basically everyone needs a keyboard. Windows Hello makes biometric authentication a core part of Windows 10; the Modern Keyboard seems like a (friendly?) Trojan horse meant to make fingerprint scanners a common aspect of future keyboards. Microsoft is proving that it can be done while simultaneously appealing to people who like its peripherals.
The Modern Keyboard features a number pad and, aside from the key housing the fingerprint sensor, a more or less standard layout. The F buttons pull double duty as media controls and shortcuts to other functions, such as search, home, or switching between desktops. The keyboard can be used wired or wirelessly via Bluetooth Low Energy 4.0 or 4.1 with a maximum range of 50 feet (in “open air”) or 23 feet (in an “office environment.”) It measures 16.57 x 4.43 x 0.76″ (LxWxH) and weighs 14.79 oz. with batteries installed.
Microsoft said the Modern Keyboard can last up to two months on a pair of AAA batteries, which come with the device. The keyboard is compatible with Windows 10 / 8.1 / 8, Windows 10 Phone, macOS 10.10.5 or later, Android 4.4.2-5, and iOS 8.1-9.2.1. Those last two are kind of surprising–Google plans to release Android 8.0 later this year, and Apple’s set to release iOS 11 this Fall. It’s not clear if the Modern Keyboard will experience some problems with those versions of the mobile operating systems or if Microsoft simply hasn’t optimized it for them.
Microsoft’s Modern Keyboard with Fingerprint ID costs $130 from the company’s online store. It’s listed as “coming soon”–a release date wasn’t provided.