The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Enable Enhanced Anti-Spoofing for Windows 10 Hello Face Authentication

Download PC Repair Tool to quickly find & fix Windows errors automatically

If your Windows 10 PC supports Windows Hello and you have set up facial recognition, then you can enable enhanced anti-spoofing. Windows Hello is a biometrics-based technology that enables users to authenticate their identity in order to access their devices, apps, networks, etc using fingerprint, face recognition, or iris scan. Now face detection in Windows 10 works well, but it can’t differentiate between a photo of your face inside your mobile or the actual user face.

The potential threat because of this issue is that someone with your photo could unlock your device by using their mobile. To overcome this difficulty, the anti-spoofing technology comes into action, and once you have enabled the anti-spoofing for Windows Hello Face Authentication, a photo of the authentic user cannot be used to login to the PC.

Enable Enhanced Anti-Spoofing for Hello Face Authentication

Enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices and you must be signed in as an administrator to enable or disable enhanced anti-spoofing. To do this:

Open the Local Group Policy Editor and on the left pane of Local Group Policy Editor, navigate to the following location:

Computer Configuration > Administrative Templates > Windows Components > Biometrics > Facial Features.

On the right pane of Facial Features in Local Group Policy Editor, double-click Configure enhanced anti-spoofing policy to edit it.

This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication.

If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.

If you disable or don’t configure this setting, Windows doesn’t require enhanced anti-spoofing for Windows Hello face authentication.

Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.

Enable Enhanced Anti-Spoofing for Windows 10 Hello Face Authentification

As indicated in the screenshot above, do the following;

To Disable Enhanced Anti-Spoofing for Windows Hello Face Authentication

  • Click the radio button for Not Configured or Disabled, click OK.

To Enable Enhanced Anti-Spoofing for Windows Hello Face Authentification

  • Click the radio button Enabled, click OK.

You can now exit Group Policy Editor and restart your system.

The procedure described above won’t work on Windows 10 Home Edition because Group Policy Editor is not built into Home edition. However, to carry out the same procedure on Home edition, install PolicyPlus. Once you have added the utility, you can now follow the same steps as described above to enable Enhanced Anti-Spoofing for Windows 10 Home.

88 Shares

[email protected]

Obinna has completed B.Tech in Information & Communication Technology. He has worked as a System Support Engineer, primarily on User Endpoint Administration, as well as a Technical Analyst, primarily on Server/System Administration. He also has experience as a Network and Communications Officer. He has been a Windows Insider MVP (2020) and currently owns and runs a Computer Clinic.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap