Biometric authentication systems like Windows Hello, Fingerprint scanner, etc., are being promoted in Windows 10. These biometric systems help you quickly and securely log in to your system and perform various activities. Obviously, this eliminates the need for creating and remembering complex passwords. As good as it is, under some circumstances, these biometric systems can be a victim of spoofing compromising your security. To eliminate this, Windows 10 included a new feature called Enhanced Anti-Spoofing that acts as a countermeasure for any unauthorized access via spoofing. This article discusses how to enable it.
Note: when enabled, this new feature will only work with devices that support anti-spoofing technology. If your device doesn’t support anti-spoofing, then enabling it does nothing.
Enable Enhanced Anti-Spoofing Using the Registry
To enable the enhanced anti-spoofing feature, add a new registry value. To do that, press “Win + R,” type
regedit and press the Enter button.
The above action will open the Windows Registry Editor. Here, navigate to the following key:
Right-click on the “Biometrics” key, select “New” and then “Key” to create a new registry sub-key.
Name the newly created key “FacialFeatures” and press the Enter button to save the name.
Now, right-click on the right pane, select “New” and then “DWORD (32-bit) Value.”
This action will create a new DWORD value. Rename the newly-created value “EnhancedAntiSpoofing.” This is how it looks once you rename it.
By default, the value data is set to “0.” To change that, double-click on the newly created value. This action will open the “Edit Value” window. Here, enter a new value data of “1,” and click on the “OK” button to save the changes.
If you ever want to disable the enhanced anti-spoofing, simply change the value data back to “0.”
Enable Enhanced Anti-Spoofing Using Group Policy
If you are using the Pro or Enterprise version of Windows, you can do the same thing using the Group Policy Editor. There is no need to mess with Windows Registry. To start, press “Win + R,” type
gpedit.msc and press the Enter button.
The above action will open the Group Policy Editor. Navigate to the following policy folder: “Computer Configuration -> Administrative Templates -> Windows Components -> Biometrics -> Facial features.”
Now, double-click on the policy “Use enhanced anti-spoofing when available” on the right panel.
Once the policy settings window has been opened, select the “Enabled” radio button, and click on the “OK” button to save the changes.
If you ever want to revert back, simply select the “Disabled” radio button or “Not Configured.”
Do comment below sharing your thoughts and experiences regarding enabling and using new enhanced anti-spoofing feature in Windows.
Image Credit: Thurrott