Microsoft Puts Built-In Fingerprint Sensor On Its 'Modern Keyboard' (Updated)

Update, 7/28/17, 8:05am PT: Microsoft announced that the Modern Keyboard is now available in the U.S, Canada, and China for $140 USD. The company also released a new Modern Mouse designed to complement the Modern Keyboard's looks; it's available in the same regions for $50. 

Original article: 6/16/17, 10:10am PT:

Passwords aren't the perfect authentication method. People often share them, forget them, or use simple passwords that are easy to guess. That's why many companies are pushing for biometric authentication by adding iris scanners, facial recognition features, and fingerprint sensors to their products. Microsoft joined their ranks with the new Modern Keyboard with Fingerprint ID, which features a "hidden" fingerprint scanner.

That scanner is housed inside a key with a fingerprint icon. Microsoft published a video demonstrating its use in which a woman named Miranda signs on to her Windows 10 device by pressing the key with her index finger. Windows Hello--an authentication tool that supports facial recognition and device pairing as well as fingerprint scanning--handles everything on the software side. The whole process is supposed to be quick and easy.

Microsoft said on Windows Hello's page that the feature can sign you into a Windows 10 device in less than two seconds. That's 3x faster than if you had to enter a password, the company said, but the real draw is the added security. The page opens with "Windows Hello: They can guess your password--not your face." (We're going to assume the company also stands by the security of Windows Hello's fingerprint support.)

That is marginally true--it's often harder for someone to mimic your body than it would be for them to guess your password. But like other companies offering biometric authentication, Microsoft has effectively glossed over the real security and privacy problems associated with them.

The first problem: Your body can be spoofed. Authentication tools have been tricked by high resolution images of eyes and faces before, and someone can replicate your fingerprint, too. The rise of social media has made it easy for someone to get those high resolution images; your own selfies could be used against you. You probably won't unintentionally share a password the same way you share biometric data.

The second problem: Your body can be used against you. Several U.S. courts have ruled that law enforcement officials can force you to sign in to a device if you use biometric authentication. (And that's ignoring other, more painful and gruesome ways your body parts can be used to log in against your will.) That isn't true of passwords. And even if it were, it's easier to protect an idea than it is to stop someone from forcing your finger onto a scanner.

This isn't a black and white issue. Biometric authentication makes sense for people who don't have to worry about law enforcement forcing them to unlock their devices. Passwords make sense for people who do worry about those things, or who simply want to make sure they can still post pictures of themselves to social media without inadvertently compromising their security. Everyone has to account for their own personal needs.

Windows Hello is going to be around either way. The Modern Keyboard doesn't change that--it merely gives people another way to use the feature. Before, you had to purchase a webcam or fingerprint sensor to use the feature (unless you have a laptop, many of which have those features built-in). Not that those are hard to come by; Microsoft said in January that "nearly 100" biometric devices work with Windows Hello.

Those products were more obtrusive than the Modern Keyboard, though, because basically everyone needs a keyboard. Windows Hello makes biometric authentication a core part of Windows 10; the Modern Keyboard seems like a (friendly?) Trojan horse meant to make fingerprint scanners a common aspect of future keyboards. Microsoft is proving that it can be done while simultaneously appealing to people who like its peripherals.

The Modern Keyboard features a number pad and, aside from the key housing the fingerprint sensor, a more or less standard layout. The F buttons pull double duty as media controls and shortcuts to other functions, such as search, home, or switching between desktops. The keyboard can be used wired or wirelessly via Bluetooth Low Energy 4.0 or 4.1 with a maximum range of 50 feet (in "open air") or 23 feet (in an "office environment.") It measures 16.57 x 4.43 x 0.76" (LxWxH) and weighs 14.79 oz. with batteries installed.

Microsoft said the Modern Keyboard can last up to two months on a pair of AAA batteries, which come with the device. The keyboard is compatible with Windows 10 / 8.1 / 8, Windows 10 Phone, macOS 10.10.5 or later, Android 4.4.2-5, and iOS 8.1-9.2.1. Those last two are kind of surprising--Google plans to release Android 8.0 later this year, and Apple's set to release iOS 11 this Fall. It's not clear if the Modern Keyboard will experience some problems with those versions of the mobile operating systems or if Microsoft simply hasn't optimized it for them.

Microsoft's Modern Keyboard with Fingerprint ID costs $130 from the company's online store. It's listed as "coming soon"--a release date wasn't provided.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • Wingman22
    biometric authentication?
    biometric at most can be used to get your username, and that is a risk already. It can't be easily changed.
    Password must be secret and very hard to guess at all cost
    Reply
  • clonazepam
    I'm definitely in the same camp of biometrics being strictly username, if anything.
    Reply
  • Using biometrics as password is wrong because once it gets compromised it is not like password which you can change.
    Reply
  • lathe26
    Microsoft already released a fingerprint keyboard over a decade ago. It was called the "Microsoft Optical Desktop with Fingerprint Reader". Users could log into the home version of windows but the product did not work with enterprise windows (wasn't secure enough).

    https://www.amazon.co.uk/Microsoft-Keyboard-Optical-Fingerprint-Bz5-00002/dp/B0002ZHBIM
    Reply
  • ravewulf
    Does Windows Hello still require you to create a simple numeric key as a backup to unlock your device? Cause that's another huge security flaw. Guessing or cracking a short numeric code is insanely easy compared to a password.

    Also, I can't wait until Microsoft moves on from "Mondern UI" etc to something else because I am not a fan of this aesthetic.
    Reply
  • thundervore
    Most people are forgetting that a US court can get a warrant for fingerprints to unlock a device (because its something they have) but they cannot get a warrant for a password due to one cannot self incriminate themselves (its something only you know).

    I'm surprised its not backlit, would be beautiful if it was.
    Reply
  • rantoc
    I have to agree with most clever people who see beyond today - Using any biometric as password is just STUPID, once its leaked/scanned or whatever it will open up all places where its used and even "is the scanned part/material alive" checks can be fooled... So using biometric for password is just as stupid as reusing the same password on multiple sites beside here it's not even possible to change it IE once spent its useless.
    Reply
  • falchard
    Biometric passwords are usually used in one of 2 cases. Either it is part of a 2 step authentication, or it is device specific. In these situations, the problems of a biometric scan are much better mitigated. For the common user, it would be easier for them and would be more secure than the typical 8 character password.
    Reply
  • computerguy72
    Wow. Lots of people speaking authoritatively who literally know nothing about what they rant. To the guy who thinks a court can force you print to be released - that could only happen with the image which isn't used in any of these consumer systems. It's only used to extract in a fips and AFIS systems and even then not in the same database. To the guy who thinks template data can somehow be built into a useful image - that is absolutely false. To those who says these are less secure than a password... you must be kidding... Just like very old passwords, very old fingerprint system were similarly vulnerable. To the guy who says your fingerprint can't easily be changed - since what's used in the extraction and how much of it is stored in the template technically the data changes for every system. The resolution in most of the systems today even detect the pores in your finger.
    Reply
  • therealduckofdeath
    99.999% use either insecure passwords or write them "in plain sight" because they're too hard to remember. Yes, biometrics has never been considered secure as Fort Knox. Nobody has ever claimed that. It is however infinitely more secure than having the password written on a sticker on the side of the display. This is not intended for "master passwords", this is for unlocking those dozens of applications and other things people otherwise ALWAYS use the stereotypical "Secret1" password on.
    Reply