Microsoft has a biometric feature called Windows Hello that allows access to devices running the Windows operating system by scanning your fingerprint, face, or eyes instead of a password. Although the technology has long been considered safe, a team of security researchers from Blackwing Intelligence recently discovered a horrific security flaw in it.

They also opened the locks on laptops from different companies, evading surveillance by the Windows Hello security system. Researchers work for Microsoft to test Windows Hello security. At the time they were working with popular fingerprint sensors Goodix, Synaptics and ELAN to bypass the Windows Hello security system.

The study conducted a cyberattack called a "man-in-the-middle" (MITM) using a USB device connected to a laptop. This attack allowed them to open the laptop without a fingerprint or other biometric information, even if the Windows Hello system was turned on.

Researchers say the Windows Hello security system could be bypassed because neither Secure Device Connection Protocol nor SDCP are activated on the laptop. To do this, they propose adding SDCP technology to Windows Hello. 

Notably, with Windows’ biometric Hello technology, various devices can be accessed by scanning your fingerprint, face, or eyes without having to enter a written password. According to Microsoft, 85% of Windows 10 users use Windows Hello’s biometric feature.