You can enable and use the enhanced anti-spoofing feature in Windows 11/10, when it is available on your device, for additional security. When you do this, Windows 11/10 will require all users on the device to compulsorily use the anti-spoofing for facial features, on devices which support it. Windows Hello offers this integrated anti-spoofing countermeasures to mitigate physical attacks like unauthorized device logon and access. Let us see how to enable this setting on supported devices, using Group Policy & Registry Editor.
Enable enhanced anti-spoofing feature
Open the WinX menu and select Run. Type gpedit.msc in the Run box and hit Enter to open the Local Group Policy Editor. Now navigate to the following setting:
Computer Configuration > Administrative Templates > Windows Components> Biometrics > Facial features
Double-click on Use enhanced ant-spoofing when available setting.
In the box which opens, select Enabled. Click Apply and exit.
This policy setting determines whether enhanced anti-spoofing is configured for devices which support it. If you do not configure this policy setting, users will be able to choose whether or not to use enhanced anti-spoofing on supported devices. If you enable this policy setting, Windows will require all users on the device to use anti-spoofing for facial features, on devices which support it. If you disable this policy setting, enhanced anti-spoofing is turned off for all users on the device and they will be unable to turn it on.
If your version of Windows 11/10 doesn’t not have the Group Policy Editor, you may Run regedit to open the Registry Editor and navigate to the following key:
Create a new REG_DWORD, name it EnhancedAntiSpoofing and give it a value of 1, to enable enhanced anti-spoofing.
- A value of 1 will enable the setting
- A value of 0 will disable the setting
What is Enhanced anti-spoofing?
Enhanced anti-spoofing is a security feature included in Windows 11 and Windows 10. It helps you enable or disable Windows Hello face authentication on devices that do not support this security layer. For your information, it is possible to turn it on or off with the help of the Local Group Policy Editor and the Registry Editor.
What is Enhanced anti-spoofing Windows Hello?
Enhanced Anti-Spoofing in Windows Hello is an additional layer of security, which helps you enable or disable Windows Hello face authentication on specific devices. If your device doesn’t support Enhanced anti-spoofing, you cannot use the Windows Hello face authentication. To turn it on or off, you can follow the aforementioned guides.
Hope this works for you.