Windows 8 : Determining who’s who through authentication (part 3) - Smart card authentication, Biometric authentication

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Smart card authentication

A smart card is a hardware token that contains certificates that prove the identity of the person using a device. Using a smart card authentication requires an organization to provide each user with a smart card, which can be tied to an identification badge or other item, and to attach a smart card reader to each computer within the environment.

When a smart card is used for sign-in, the user initiates a sign-in request and inserts the smart card into the available reader. The card is checked, and a prompt for a PIN appears. When the user enters the PIN, Windows begins the authentication process just as it does when a user name and password are used for authentication. Smart cards provide two-factor authentication to Windows. That is, the user must have two things to sign in successfully: the physical smart card and the PIN associated with the smart card. If a user does not have both these items, authentication will not succeed.

This type of authentication is similar to the type used to prove an identity at an ATM. To access an account by using the machine, you must have the physical access card to swipe in the machine and the PIN associated with the card.

Smart cards are more secure than user names and passwords because they provide an element that cannot be guessed. For example, if an organization uses the naming convention of first initial, last name (such as pfischer for Peter Fischer) when creating user names, other employees, or anyone who knows this convention, can guess that Peter Fischer’s user name is pfischer. Then that person can attempt to guess his password.

If the organization uses a smart card configuration for user authentication, Peter Fischer will have a card to swipe at sign-in and, after swiping his card, he will then be asked for his PIN. If someone other than Peter attempts to sign in as Peter, he or she will not be able to sign in without Peter’s smart card and PIN.



In addition to providing Windows authentication, smart cards can be used for other purposes such as unlocking doors and recording hours worked by swiping into an attendance system.

Others in your organization are probably familiar with smart card technology because an ATM machine uses similar technology. You might be able to recommend the use of smart cards in other areas of the organization such as the company cafeteria to purchase meals and other items. Many do not treat their computer credentials with the same level of security as their ATM card, so deploying a smart-card system is a good idea because each employee has access to information the organization requires to conduct its business.

With the use of the Internet and other technologies increasing every day, implementing better security measures and educating an organization about the benefits of these measures can both help the IT organization monitor security better and help users become more conscious of security.



Before attempting to configure a smart card reader or any peripheral device, ensure that you have access to the correct driver software for that device. Many Windows 7 device drivers will work with Windows 8; however, this might not be the case with Windows RT.

To configure a smart card for sign-in, you must install a certificate on the smart card. The required certificate is created by using the enrollment agent certificate template. In addition, a certification authority needs the enrollment agent and smart card sign in to be configured. This ensures that your certificate authority (CA) can provide certificates for smart cards.

To configure a smart card reader and prepare to sign in to Windows 8, complete the following steps:

  1. Plug the smart card reader into your computer if you are using an external device.

  2. If the device does not turn on, make sure the drivers for the device have been installed.

  3. Insert a smart card into the reader.

To authenticate by using a smart card, insert the card into the reader. The sign-in screen will change to work with the smart card rather than with Ctrl+Alt+Delete. Windows will check any certificates on the card and display them. Select the valid certificate (if more than one choice appears) and enter the corresponding PIN to sign in. Windows might not prompt you to choose a certificate if only one is found on the card.



When you sign in to a computer running Windows by using a smart card, you are actually using a specially designated certificate to perform the authentication. The PIN is similar to the private key, which tells the computer (or the server if you are signing in to a domain) that you have the necessary credentials and should be authenticated.

Other types of certificates can be used to prove the identity of a user and provide access to websites, thus reducing the chances of problems that might compromise information used on a website. Although these certificate types might not be used directly for Windows sign-in, they provide authentication to other services that you might encounter as a Windows user.

Biometric authentication

Another type of two-factor authentication is biometrics. This technique involves a scanner of some type, typically for a fingerprint, but possibly for a retina in extremely advanced cases.

When signing in to a computer by using biometrics, the user at the computer initiates the sign-in process and then touches the scanner. When reading the fingerprint of the individual, a one-time key is generated for the sign-in session. This is passed to the authenticating domain controller or the local computer and checked against the stored information for the user account. When the credentials are verified, the sign-in is completed, and that user’s desktop appears.

Advantages of the use of biometrics can include:

  • Unique access for each individual

  • Greater difficulty in faking or impersonating identity

  • Nothing to guess at sign-in

The implementation of this sign-in method comes with initial costs because, like smart cards, the computers within an environment need biometric scanners to process sign-in attempts. In addition, an organization must train employees so that they understand the process of using biometrics. Although a fingerprint scanner is used to sign in, the fingerprint itself is not stored with the user identification (ID) for the sign-in process. A security code or token is generated for each sign in. This code is passed as something similar to a password for actual authentication.



If your fingerprint reader is a USB device, plug it into your computer and ensure that you have drivers installed before continuing. You might also need to download fingerprint management software so Windows can store the information the device collects. Windows will alert you during configuration if you need to do this.

To configure biometric sign-ins, complete the following steps:

  1. Select the Settings charm.

  2. Select Control Panel.

  3. In Control Panel, open Biometric Devices.

  4. Find the device currently installed on your computer and select Change Biometric Settings.

  5. Ensure that Biometrics is turned on and that Allow Users To Log On To Windows Using Their Fingerprints is selected.

  6. Tap or click Cancel if these options were already set; tap or click Save Changes if you modified them.

  7. In the Biometric Devices Control Panel applet, tap or click Use Your Fingerprint With Windows.

  8. Tap or click Continue.

  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 9) - Configuring WMI filtering
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 8) - Managing GPO links, Configuring security filtering
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 7) - Viewing infrastructure status, Creating GPOs
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 6) - Advanced Audit Policy Configuration
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 5) - User Rights Assignment, Security Options
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 4) - Refreshing Group Policy
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 3) - Configuring a central store, Using Starter GPOs
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 2) - Group Policy and Active Directory design
  •  Windows Server 2012 : Planning, implementing, and managing Group Policy (part 1) - Understanding policies vs. preferences
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 5) - Monitoring system resources by using Performance Monitor
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us