Windows 10 will Let You Unlock Your PC with “Companion Devices”

Keeping your PC secured is number one priority for anybody. Privacy, important Data or the idea that “this PC belongs to me” are some of the reasons. What comes haunting post this, are complex passwords and pins. Companies haven been trying to simplify this because people want it secure, but they also want it convenient, when it comes to unlocking. Right from Fingerprint sensors to Windows Hello.

Well, we are still lazy, and thanks to the futuristic movies, we want our PC to be unlocked when they feel our presence. We are on our way to that, and Microsoft has published a document which talks about Companion Device Framework. This technology allows you to unlock your device when a companion device like a Smart Band, Phone or any hardware is around your PC.

Surface Pro 4 Windows Hello

That said, the mechanism isn’t that simple. A simple password exchange between PC and the device is not what Microsoft wants to implement. After all its about security. This Companion Device Framework is implemented as a service running on Windows This service is responsible for generating an unlock token which needs to be protected by an HMAC key stored on companion device. This guarantees that access to the unlock token requires companion device presence. Per each (PC, Windows user) tuple, there will be a unique unlock token.

Once your PC knows that a companion device is in place, it just won’t unlock your PC unless it knows that its actually you. What happens if you forgot your Phone around your PC? It will way to easy for anybody to unlock it. This is where the User signals comes in place. The companion device might, for instance, need a PIN before it can be used for unlocking PC (not to be confused with PC PIN), or it might require press of a button.

Can any app developers make this companion app? Answer is no. The Companion Device Framework is a specialized feature not available to all app developers. To use this framework, your app must be specifically provisioned by Microsoft and list the restricted secondaryAuthenticatorFactor capability in its manifest. To get approval, contact [email protected].

Microsoft is also supporting devices which come with Biometric. Like any phone, including Android with Fingerprint sensor or such as Lumia 950 XL with Windows Hello can act as user signal to unlock the PC.

You can read in much detail here

A die-hard fan of Windows, Windows 10 Mobile, Windows Phone and Xbox, Loves to Do Video reviews on Windows Phone Apps, Games, Xbox Games, Xbox Tutorials.

1 COMMENT

  1. Hi Ashish
    After reading your article I read the MSDN article as well. Still I don’t get what the service does with the device key.
    They write that “The device key is used to protect unlock tokens that the PC needs to unlock Windows.”
    What is called a token? As far as I can tell the device key is “only” used to generate the HMAC dk….or is it about an access token from lsass?
    kr Fabian

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.