You can enable and use the enhanced anti-spoofing feature in Windows 10, when it is available on your device, for additional security. When you do this, Windows 10 will require all users on the device to compulsorily use the anti-spoofing for facial features, on devices which support it. Windows Hello offers this integrated anti-spoofing countermeasures to mitigate physical attacks like unauthorized device logon and access. Let us see how to enable this setting on supported devices, using Group Policy & Registry Editor.
Enable enhanced anti-spoofing feature
Open the WinX menu and select Run. Type gpedit.msc in the Run box and hit Enter to open the Local Group Policy Editor. Now navigate to the following setting:
Computer Configuration > Administrative Templates > Windows Components> Biometrics > Facial features
Double-click on Use enhanced ant-spoofing when available setting.
In the box which opens, select Enabled. Click Apply and exit.
This policy setting determines whether enhanced anti-spoofing is configured for devices which support it. If you do not configure this policy setting, users will be able to choose whether or not to use enhanced anti-spoofing on supported devices. If you enable this policy setting, Windows will require all users on the device to use anti-spoofing for facial features, on devices which support it. If you disable this policy setting, enhanced anti-spoofing is turned off for all users on the device and they will be unable to turn it on.
If your version of Windows 10 doesn’t not have the Group Policy Editor, you may Run regedit to open the Registry Editor and navigate to the following key:
Create a new REG_DWORD, name it EnhancedAntiSpoofing and give it a value of 1, to enable enhanced anti-spoofing.
- A value of 1 will enable the setting
- A value of 0 will disable the setting
Hope this works for you.