Windows Hello for Business

vSEC:CMS unleashes the full potential of Microsoft’s next generation of virtual smart card, Windows Hello for Business (WHfB). While WHfB can be used “as is” for basic Windows logon use, vSEC:CMS allows users to fully leverage its capabilities for strong authentication (2FA) and PKI. WHfB is available from Microsoft Windows 10.

A Virtual Smart Card (VSC) enables two-factor authentication (2FA) on a user’s device without making use of extra hardware, such as smart card readers and USB tokens. VSCs are excellent for protecting companies’ IT systems from external threats such as hacking and other unauthorized access from external devices. Versasec’s vSEC:CMS has long supported VSCs and now it also supports Windows Hello for Business!

Product Information

Once the Microsoft WHfB infrastructure has been enabled in the environment, it is quick and simple to issue user credentials to it using the award winning vSEC:CMS credential management system – as is displayed in the short video below.

Feature Comparison

Below four different types of two-factor authentication (2FA) solutions are compared. The table is describing the full IAM solution – including the important credential management functionality. The four different types compared are:

SC-vSEC:CMS

Physical PKI smart card or token managed by vSEC:CMS

WHfB-Basic

Windows Hello for Business standalone (unmanaged)

VSC-vSEC:CMS

Versasec Virtual Smart Card managed by vSEC:CMS

WHfB-vSEC:CMS

Windows Hello for Business managed by vSEC:CMS

SC-vSEC:CMS

Client platforms supported

All

Single management for all PKI credentials

Supported on Windows PCs without additional HW

No

Roaming users (kiosks)

Physical access (door locks etc)

Visual identification (badge)

Security regulations (FIPS…)

Windows logon

Website auth using PKI

Website auth Data encryptionusing PKI

Data encryption

Email encryption

Digital signatures

Certificate renewal

Certificate revocation

Key archival/recovery

BIO support

No

Derived credentials

HW secured keys

TPM use

No

PKCS#11

CAPI/CNG

Cert/key specific PINs

Virtualization compatibility

Traceability / Audit

Multi-role credential issuance

Multi-role credential issuance

Several certificates per user

Offline PIN unblock

VSC-vSEC:CMS

Client platforms supported

Win7+

Single management for all PKI credentials

Supported on Windows PCs without additional HW

Roaming users (kiosks)

No

Physical access (door locks etc)

No

Visual identification (badge)

No

Security regulations (FIPS…)

No

Windows logon

Website auth using PKI

Website auth Data encryptionusing PKI

Data encryption

Email encryption

Digital signatures

Certificate renewal

Certificate revocation

Key archival/recovery

BIO support

No

Derived credentials

HW secured keys

TPM use

PKCS#11

No

CAPI/CNG

Cert/key specific PINs

Virtualization compatibility

Traceability / Audit

Multi-role credential issuance

Multi-role credential issuance

Several certificates per user

Offline PIN unblock

WHfB-vSEC:CMS

Client platforms supported

Win10+

Single management for all PKI credentials

Supported on Windows PCs without additional HW

Roaming users (kiosks)

No

Physical access (door locks etc)

No

Visual identification (badge)

No

Security regulations (FIPS…)

No

Windows logon

Website auth using PKI

Website auth Data encryptionusing PKI

Data encryption

Email encryption

Digital signatures

Certificate renewal

Certificate revocation

Key archival/recovery

BIO support

Derived credentials

No

HW secured keys

TPM use

PKCS#11

No

CAPI/CNG

Cert/key specific PINs

No

Virtualization compatibility

No

Traceability / Audit

Multi-role credential issuance

Multi-role credential issuance

Several certificates per user

Offline PIN unblock

No

WHfB-Basic

Client platforms supported

Win10+

Single management for all PKI credentials

No

Supported on Windows PCs without additional HW

Roaming users (kiosks)

No

Physical access (door locks etc)

No

Visual identification (badge)

No

Security regulations (FIPS…)

No

Windows logon

Website auth using PKI

Website auth Data encryptionusing PKI

Data encryption

No

Email encryption

No

Digital signatures

No

Certificate renewal

No

Certificate revocation

No

Key archival/recovery

No

BIO support

Derived credentials

No

HW secured keys

TPM use

PKCS#11

No

CAPI/CNG

Cert/key specific PINs

No

Virtualization compatibility

No

Traceability / Audit

No

Multi-role credential issuance

No

Multi-role credential issuance

No

Several certificates per user

No

Offline PIN unblock

No

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial


Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

CMS/SCMS

SCMS = Smart Card Management Systems
CMS = Credential Management System
New to credential management? Have a look at the Wikipedia definition of a ‘Smart Card Management System’.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Contact Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.

Visit our Blog