Overview - WHfB Biometrics and Security

IT Service Desk 252-328-9866 | Pirate Techs Technology Support Centers | Submit a Ticket | Information Security Office infosec@ecu.edu

Available to

Faculty, Staff assigned an ECU-managed Windows 11 PC

Terminology

  • Biometric authentication. Using unique physical characteristics, such as your facial features or fingerprint, to verify your identity.
  • PIN code authentication. A personal identification number that only you know. Can be used to log in to secure systems. 
  • TPM chip. Windows Hello for Business uses the Trusted Platform Module (TPM) chip in your system to store your encryption key.

What you need to know about WHfB

Setting your PIN code:

  • PIN Requirements. Your PIN can be set between 6-20 characters and can include numbers, letters, or special characters if you prefer.
  • PIN Usage. You can use your PIN to log in on your device only. Alternately you can log in with your regular password if you forget your PIN (Choose “Sign-in options” at Log on Screen and choose the key Icon).
  • PIN Protection. Treat your PIN like your password. With the added convenience of Windows Hello and the Single Sign-On feature in Microsoft Edge, it's more important than ever to keep your PIN secure. Never share it! TIP: Press Windows key + L to lock your screen quickly.

Use of biometrics is optional

  • Flexibility. You can choose to use biometrics (such as facial recognition or fingerprint) for sign-in, or you may choose to use a PIN code only. A Yubikey can also be used for an even higher level of security.
  • Personal Choice. Whether you use biometrics or a PIN/YubiKey, your security and convenience are our priority.

Enhanced security with TPM chip

  • TPM Chip. Windows Hello for Business uses the Trusted Platform Module (TPM) chip in your device to store an encryption key. This chip has special protections to make it very tamper resistant.
  • Secure Access. This encryption key is used to access your biometric data, ensuring enhanced security.

Biometric data representation

  • Data Representation. Your biometric data is not stored as photographs or fingerprints. Instead, it is saved as a data representation of the image.
  • Local Storage. This data representation does not leave your device and is tied to your device.
  • Non-Reversible. The data cannot be reversed to recreate the original images or fingerprints, making it non-reusable.

Local Storage of Biometric Data

  • Local Encryption. No biometric data is stored centrally. It is only stored locally on your device and is encrypted.
  • Privacy Assurance. This ensures that your biometric data remains private and secure.
     
Print Article

Related Articles (2)

Multifactor Authentication Resources List
List of Knowledge Base account authentication (MFA) articles for ECU users.
Overview - Windows Hello for Business
Windows Hello for Business uses biometric or PIN login for convenience and security.