This article explains how to turn on or off enhanced anti-spoofing for Windows Hello face authentication in Windows 11.
Windows 11 has a Windows Hello feature that provides a more personal and secure way to sign into Windows.
With Windows Hello, one can use a PIN, facial recognition, or fingerprint to sign into their devices. In addition, the Windows Hello feature offers several ways to ditch their passwords in favor of a more secure and personal authentication method.
Enhanced anti-spoofing is an optional additional security feature for Windows Hello face authentication that prevents unauthorized access via spoofing.
Below is how to turn on or off enhanced anti-spoofing for Windows Hello face authentication in Windows 11.
Turn on or off enhanced anti-spoofing for Windows Hello face authentication
As mentioned, users can enable enhanced anti-spoofing for Windows Hello face authentication in Windows 11.
This feature is disabled by default. However, if you want to add additional security for Windows Hello, you can use the steps below.
Here’s how to do that.
Click the Start menu button to search for “Edit group policy." Then, under Best match, select Edit group policy result.
In the left pane of Local Group Policy Editor, expand the tree:
Computer Configuration -> Administrative Templates -> Windows Components -> Biometrics -> Facial Features
Then, in the Facial Features details pane on the right, locate and double-click the “Configure enhanced anti-spoofing “setting to open its settings window.
On the Configure enhanced anti-spoofing window set the option to Not Configure, Enabled, or Disabled.
- Not Configured (default)
- Enabled – Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication.
- Disabled – Windows doesn’t require enhanced anti-spoofing for Windows Hello face authentication.
Turn on or off enhanced anti-spoofing for Windows Hello Face authentication via Registry
Another way users can enable or disable enhanced anti-spoofing for Windows Hello face authentication is via the Windows Registry editor.
First, open the Windows Registry, and navigate to the folder key path below.
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Personal
If you don’t see the FacialFeatures folder key, right-click on the Biometrics key, then create the subkey (FacialFeatures) folders.
Right-click the FacialFeatures folder key’s right pane and select New -> DWORD (32-bit) Value. Next, type a new key named EnhancedAntiSpoofing.
Double-click the new key item name (EnhancedAntiSpoofing) and make sure the Base option is Decimal, and then update the Value data:
- To enable it, type: 1
- To disable it, type 0 or delete the item name.
Save your changes and restart your computer.
That should do it!
Conclusion:
- Enabling enhanced anti-spoofing for Windows Hello face authentication provides additional security to prevent unauthorized access via spoofing.
- Windows Hello offers authentication methods such as PIN, facial recognition, and fingerprint, promoting a more personalized and secure sign-in experience.
- Users can conveniently manage the enhanced anti-spoofing feature through the Local Group Policy Editor or the Windows Registry editor, tailoring the security settings to their preferences.
- By following the outlined steps, users can effectively enhance the security of their Windows 11 device, ensuring a more secure and personalized authentication experience with Windows Hello.
Leave a Reply