Enable Enhanced Anti-Spoofing for Windows 10 Hello Face Authentication

If your Windows 10 PC supports Windows Hello and you have set up facial recognition, then you can enable enhanced anti-spoofing. Windows Hello is a biometrics-based technology that enables users to authenticate their identity in order to access their devices, apps, networks, etc using fingerprint, face recognition, or iris scan. Now face detection in Windows 10 works well, but it can’t differentiate between a photo of your face inside your mobile or the actual user face.

The potential threat because of this issue is that someone with your photo could unlock your device by using their mobile. To overcome this difficulty, the anti-spoofing technology comes into action, and once you have enabled the anti-spoofing for Windows Hello Face Authentication, a photo of the authentic user cannot be used to login to the PC.

Enable Enhanced Anti-Spoofing for Hello Face Authentication

Enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices and you must be signed in as an administrator to enable or disable enhanced anti-spoofing. To do this:

Open the Local Group Policy Editor and on the left pane of Local Group Policy Editor, navigate to the following location:

Computer Configuration > Administrative Templates > Windows Components > Biometrics > Facial Features.

On the right pane of Facial Features in Local Group Policy Editor, double-click Configure enhanced anti-spoofing policy to edit it.

This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication.

If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.

If you disable or don’t configure this setting, Windows doesn’t require enhanced anti-spoofing for Windows Hello face authentication.

Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.

Enable Enhanced Anti-Spoofing for Windows 10 Hello Face Authentification

As indicated in the screenshot above, do the following;

To Disable Enhanced Anti-Spoofing for Windows Hello Face Authentication

  • Click the radio button for Not Configured or Disabled, click OK.

To Enable Enhanced Anti-Spoofing for Windows Hello Face Authentification

  • Click the radio button Enabled, click OK.

You can now exit Group Policy Editor and restart your system.

The procedure described above won’t work on Windows 10 Home Edition because Group Policy Editor is not built into Home edition. However, to carry out the same procedure on Home edition, install PolicyPlus. Once you have added the utility, you can now follow the same steps as described above to enable Enhanced Anti-Spoofing for Windows 10 Home.

Posted by on , in Category Security with Tags
Obinna Onwusobalu, MCSA MCTS MCITP, has studied Information & Communication Technology and is a keen follower of the Windows ecosystem. He runs a computer software clinic. He says, it's best practice to create a System Restore Point before making any changes to your system.

Leave a Reply

Your email address will not be published. Required fields are marked *


5 + 1 =