31 Mar
How exactly is a fingerprint stored in Windows Hello? Why is it claimed to be more secure than a password?
Microsoft claims that it is more secure.
I can't quite imagine a scenario where fingerprints can be stored in a way that defeats the weaknesses of password storage (i.e. pass-the-hash attacks or password reuse). Moreover, I couldn't quite find a concise explanation of the way Windows Hello stores and compares fingerprint hashes, so I'm wondering how exactly these measures were implemented that make them better than passwords.
What actually happens in a Windows Hello domain? Is there a fuzzy hash of a fingerprint being sent to the domain controller? If you get an image of someone's finger, does that mean the fuzzy hash is compromised forever? Is it possible to get your fingerprint stolen from Windows memory?