The clickbait 'title' makes some claim to vulnerability, except that's the wrong word entirely. The described "vulnerability" is logically equivalent to briefly removing one's face from the frame, <i>because that's what this is</i>. The article actually suggests that as the usual alternative!<p>There's nothing else going on here beyond "think about Windows Hello, please". Is this really what we want HN to be about?
Free advice: Do not use biometrics to unlock devices. Face/fingerprint recognition is subject to different, lesser, protections than memorized passwords.<p>Criminal defense 101: Don't talk to the police. Don't admit anything, including any sort admission of owning a phone. If they can use your face/finger to unlock a phone, that proves it is your phone. Even if you one day want to admit owning that phone, do not allow them to unlock it without your permission. The unlocking of any device should only happen after negotiations with the assistance of counsel, not at 2am in a parking lot. Use some sort of memorized password/pattern.
I've had a SP4 since they were released. It's got some faults, but Windows Hello has worked flawlessly for me. It sounded like such a gimmick before I used it but it's actually pretty neat.
I have Windows Hello enabled on my phone (a 950) and it scans my iris with an infra-red camera/light. This means it still works in the dark and cant be fooled by a photo (or a 3d model I guess!)
Microsoft should fix its 4-digit PIN/no limiter app authentication first.<p><a href="https://www.cnil.fr/en/windows-10-cnil-publicly-serves-formal-notice-microsoft-corporation-comply-french-data-protection" rel="nofollow">https://www.cnil.fr/en/windows-10-cnil-publicly-serves-forma...</a>