Geek Rewind

Enable Windows Hello Anti-Spoofing in Windows 11

Richard

·

The article details how to enable or disable the Windows Hello Facial Recognition anti-spoofing feature in Windows 11, improving device security. Users can adjust settings through Windows Settings, Group Policy Editor, or Registry Editor. Activating this feature may cause more sign-in errors and requires device compatibility. Always back up your registry first.

This article explains how to enable or disable the Windows Hello Facial Recognition anti-spoofing feature in Windows 11.

The Windows Hello feature provides a more personal and secure way to sign into  Windows. With Windows Hello, one can use a PINfacial recognition, or fingerprint to sign into their devices securely.

To enhance your device’s security using facial recognition, activate Enhanced Facial Recognition Protection. This feature enables anti-spoofing functionality.

Enhanced facial recognition protection may increase sign-in errors and disables Windows Hello facial authentication on devices that do not support enhanced anti-spoofing.

Enable/Disable the facial recognition anti-spoofing feature

Users can now enable or disable the anti-spoofing feature for Windows Hello Facial Recognition on Windows 11.

Here’s how to do it.

First, open the Windows Settings app.

You can do that by clicking on the Start menu and selecting Settings. Or press the keyboard shortcut (Windows key + I) to launch the Settings app.

When the Settings app opens, click the Accounts button on the left.

Select the Sign-in options tile under ‘Account settings‘ on the right to expand it.

On the Accounts > Sign-in options settings page, under Ways to sign in, expand the Facial recognition (Windows Hello) tile.

Next, check or uncheck the box next to “Enhanced facial recognition protection” to enable or disable the anti-spoofing feature.

Enhance facial recognition protection

Click the “Restart Now” button when prompted to do so.

Enable/Disable anti-spoofing using GPO

Another method to enable or disable the anti-spoofing feature for facial recognition is to use the local Group Policy Editor.

First, open the Local Group Policy Editor (gpedit.msc). (Search for “Edit group policy”) on the Start menu.

Then, navigate the folders below:

Computer Configuration > Administrative Templates > Windows Components > Biometrics > Facial Features

In the Facial Features details pane on the right, locate and double-click the “Configure enhanced anti-spoofing” settings.

Enhance facial recognition protection gpo

On the “Configure enhanced anti-spoofing” window, set the option to Not ConfigureEnabled, or Disabled.

  • Not Configured (default) – Same as Disabled.
  • Enabled: Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication.
  • Disabled: Windows doesn’t require enhanced anti-spoofing for Windows Hello face authentication.
Enhance facial recognition protection gpo options

Click OK to save your changes.

Enable/Disable anti-spoofing using the Registry Editor

Yet another way to enable or disable the Windows Hello facial recognition anti-spoofing feature is to use the Windows Registry Editor.

Remember to back up your registry before making any changes, or create a System Restore point as a precaution.

First, open the Windows Registry and navigate to the folder key path below.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures

Right-click Lock Screen > New > DWORD (32-bit) Value and name the new DWORD EnhancedAntiSpoofing.

Double-click and open the EnhancedAntiSpoofing name and set the value to 1 to enable the anti-spoofing feature for Windows Hello facial recognition.

Enhance facial recognition protection registry

If you want to turn off the enhanced anti-spoofing feature and revert Windows to its original settings, delete the [EnhancedAntiSpoofing] item created earlier.

EnhancedAntiSpoofing

You may have to reboot your computer to apply the changes.

That should do it!

Conclusion:

In summary, enabling or disabling the Windows Hello Facial Recognition anti-spoofing feature can improve your device’s security. Here are the key points to remember:

  • Enhanced Security: Activating the anti-spoofing feature significantly boosts facial recognition security.
  • Settings Flexibility: Users can manage settings via the Windows Settings, Group Policy Editor, or Registry Editor based on their preferences.
  • Sign-in Experience: While enhanced protection increases security, it may lead to more sign-in errors.
  • Backup Precautions: Always back up your registry or create a System Restore point before making any changes.
  • Compatibility Note: Ensure your device supports the enhanced anti-spoofing feature to utilize it effectively.

Following the abovementioned steps, you can configure facial recognition settings to match your security needs.

Richard Avatar
Richard
Richard, the owner and lead writer at Geek Rewind, is a tech enthusiast passionate about simplifying complex IT topics. His years of hands-on experience in system administration and enterprise IT operations have honed his ability to provide practical insights and solutions. Richard aims to make technology more accessible and actionable. He’s deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions. He enjoys watching football, cheering for the Minnesota Vikings, and spending time with his family when he’s not writing or managing Geek Rewind.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


Exit mobile version