
Windows Hello, Microsoft's biometric authentication system, has long been celebrated for its convenience and security, allowing users to log in using facial recognition even in low-light conditions. This functionality was primarily achieved through the use of infrared (IR) sensors, which could map a user's face without relying on visible light. However, a recent update has altered this capability, requiring both IR and color (RGB) cameras for facial recognition, thereby rendering Windows Hello ineffective in the dark.
The change stems from Microsoft's response to a spoofing vulnerability identified in April 2025. This vulnerability allowed attackers to bypass Windows Hello's facial recognition using manipulated images, posing a significant security risk. To mitigate this, Microsoft updated Windows Hello to require both the IR and RGB cameras at the same time during authentication. This dual-camera requirement aims to enhance security by ensuring that both depth and color information are verified, making it more challenging for unauthorized users to spoof the system.
While this update bolsters security, it introduces practical challenges for users. Previously, the reliance on IR sensors alone enabled facial recognition in low-light or dark environments, as IR sensors do not require visible light to function. With the new requirement for RGB camera input, which depends on visible light, users find themselves unable to use facial recognition in the dark. This change has led to frustration among users who valued the ability to log in seamlessly regardless of lighting conditions.
The issue is particularly pronounced for users who utilize physical privacy shutters to cover their webcams. These shutters were effective in maintaining privacy while still allowing IR-based facial recognition. However, with the new update, closing the shutter disables the RGB camera, thereby preventing Windows Hello from functioning. Users now face a dilemma between maintaining privacy and utilizing facial recognition features.
In response to these challenges, some users have discovered temporary workarounds. One such method involves disabling the RGB camera through Device Manager, which forces Windows Hello to rely solely on the IR sensor and so removes the RGB check that the update introduced. To implement this:
- Open Device Manager.
- Expand the "Cameras" section.
- Right-click on the RGB camera (often labeled as "Integrated Camera" or similar) and select "Disable."
- Leave the IR camera enabled.
- Re-enroll in Windows Hello facial recognition by navigating to Settings > Accounts > Sign-in options > Facial recognition (Windows Hello) and selecting "Set up."
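The following is an added example, not part of the original article or any Microsoft tooling: a PowerShell check an administrator could run to find machines where this workaround is in place, meaning Windows Hello is running on the IR sensor alone. It assumes IR cameras carry "IR" or "Infrared" in their device name, which varies by vendor; the function name and exit codes are hypothetical.

```powershell
# Added example: flag the IR-only state (RGB camera disabled, IR camera enabled).
# Assumption: IR cameras have "IR" or "Infrared" in their device name.
# Adjust -IrPattern for your hardware, since vendor naming varies.
param(
    [string]$IrPattern = '(\bIR\b|Infrared)'
)

# Win32_PnPEntity.ConfigManagerErrorCode 22 means "device is disabled".
$DisabledCode = 22

# Hypothetical helper: list devices from the "Cameras" section of Device
# Manager and classify each one as IR or RGB by its name.
function Get-CameraState {
    param([string]$Pattern)
    Get-CimInstance -ClassName Win32_PnPEntity -Filter "PNPClass = 'Camera'" |
        ForEach-Object {
            [pscustomobject]@{
                Name       = $_.Name
                Kind       = if ($_.Name -match $Pattern) { 'IR' } else { 'RGB' }
                Disabled   = ($_.ConfigManagerErrorCode -eq $DisabledCode)
                InstanceId = $_.PNPDeviceID
            }
        }
}

$cameras     = @(Get-CameraState -Pattern $IrPattern)
$irEnabled   = @($cameras | Where-Object { $_.Kind -eq 'IR'  -and -not $_.Disabled })
$rgbEnabled  = @($cameras | Where-Object { $_.Kind -eq 'RGB' -and -not $_.Disabled })
$rgbDisabled = @($cameras | Where-Object { $_.Kind -eq 'RGB' -and $_.Disabled })

$cameras | Format-Table Name, Kind, Disabled -AutoSize | Out-Host

if ($cameras.Count -eq 0) {
    Write-Output 'No devices found in the Camera class.'
    exit 0
}

# The workaround leaves an enabled IR camera and no enabled RGB camera.
if ($irEnabled.Count -gt 0 -and $rgbDisabled.Count -gt 0 -and $rgbEnabled.Count -eq 0) {
    Write-Warning 'RGB camera is disabled while the IR camera is enabled: face sign-in would use IR only.'
    $rgbDisabled | ForEach-Object { Write-Output "Disabled RGB device: $($_.InstanceId)" }
    exit 1
}

Write-Output 'No IR-only camera configuration detected.'
exit 0
```

The non-zero exit code lets a management tool collect the result per machine; review the printed table first to confirm the name pattern classified the cameras correctly.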
Microsoft has acknowledged the issue and is reportedly working on a permanent fix. In the meantime, users are advised to consider alternative authentication methods, such as PINs or fingerprint recognition, especially in low-light environments. Staying informed through official Microsoft channels and user forums can provide updates on forthcoming patches and additional workarounds.
This situation underscores the delicate balance between enhancing security measures and maintaining user convenience. While the update addresses a critical security vulnerability, it also highlights the need for solutions that do not compromise the user experience. As biometric authentication becomes increasingly prevalent, ensuring both security and usability will remain a paramount concern for developers and users alike.
Source: inkl, "Microsoft has broken Windows Hello facial recognition — it no longer works in the dark"