Microsoft makes Windows Recall opt-in, secures data with Windows Hello
How does the new opt-in mechanism for Windows Recall work according to Pavan Davuluri's statement?
The new opt-in mechanism for Windows Recall, as explained by Pavan Davuluri, works by updating the set-up experience of Copilot+ PCs to give users a clearer choice to opt-in to saving snapshots using Recall5. If users do not proactively choose to turn it on, it will be off by default. Additionally, Windows Hello enrollment is required to enable Recall, and proof of presence is also required to view the timeline and search in Recall. The search index database will get an additional layer of decryption protection by Windows Hello Enhanced Sign-in Security (ESS), which will only allow users to access the encrypted data after authenticating. These privacy and security updates will be shipped to customers with Copilot+ PCs when Recall (preview) ships on June 18.
What additional security measures has Microsoft implemented for accessing the Recall feature?
Microsoft has implemented several additional security measures for accessing the Recall feature. Firstly, the company has made the feature opt-in, meaning that customers must proactively choose to turn it on and it will be off by default2. Secondly, users are required to prove that they are in front of the computer via Windows Hello to enable and use Recall. The search index database will also get an additional layer of decryption protection by Windows Hello Enhanced Sign-in Security (ESS), which will only allow the users to access the encrypted data after authenticating. Furthermore, Microsoft has encrypted the search index database, and Windows Hello ESS biometrics need to be enrolled before Recall will start collecting data and need to be enrolled to launch Recall.
Can you explain the role of Windows Hello Enhanced Sign-in Security in protecting the Recall data?
Windows Hello Enhanced Sign-in Security (ESS) plays a crucial role in protecting the Recall data by adding an additional layer of security to the database. With ESS, the Recall data remains encrypted until a user authenticates with Windows Hello when they open the app. This "just in time" decryption ensures that the data is only accessible when the user authenticates, providing enhanced protection against unauthorized access.
Furthermore, ESS requires users to prove that they are in front of the computer using biometric authentication (facial recognition, fingerprint, or a PIN), ensuring that only the authorized user can access the encrypted data. This requirement for proof of presence adds an extra layer of security to the Recall feature, mitigating the risks associated with password breaches and enhancing user privacy4.
In summary, Windows Hello Enhanced Sign-in Security helps protect the Recall data by requiring user authentication and biometric verification before granting access to the encrypted data. This ensures that sensitive information remains secure and accessible only to the authorized user.