Windows Hello for Business
vSEC:CMS unleashes the full potential of Microsoft's next generation of virtual smart card, Windows Hello for Business (WHfB). While WHfB can be used "as is" for basic Windows logon use, vSEC:CMS allows users to fully leverage its capabilities for strong authentication (2FA) and PKI. WHfB is available from Microsoft Windows 10.
A Virtual Smart Card (VSC) enables two-factor authentication (2FA) on a user's device without making use of extra hardware, such as smart card readers and USB tokens. VSCs are excellent for protecting companies' IT systems from external threats such as hacking and other unauthorized access from external devices. Versasec's vSEC:CMS has long supported VSCs and now it also supports Windows Hello for Business!
Product Information
Once the Microsoft WHfB infrastructure has been enabled in the environment, it is quick and simple to issue user credentials to it using the award winning vSEC:CMS credential management system - as is displayed in the short video below.
For more information about vSEC:CMS, the enabler of efficient deployment of WHfB and virtual smart cards, click here.
Feature Comparison
Below four different types of two-factor authentication (2FA) solutions are compared. The table is describing the full IAM solution - including the important credential management functionality. The four different types compared:
- SC-vSEC:CMS - Physical PKI smart card or token managed by vSEC:CMS
- VSC-vSEC:CMS - Versasec Virtual Smart Card managed by vSEC:CMS
- WHfB-Basic - Windows Hello for Business standalone (unmanaged)
- WHfB-vSEC:CMS - Windows Hello for Business managed by vSEC:CMS
Featurez |
SC-vSEC:CMS |
VSC-vSEC:CMS |
WHfB-Basic |
WHfB-vSEC:CMS |
Client platforms supported |
All |
Win7+ |
Win10+ |
Win10+ |
Single management for all PKI credentials (smart cards, tokens, VSC, WHfB...) | ||||
Supported on Windows PCs without additional HW | ||||
Roaming users (kiosks) | ||||
Physical access (door locks etc) | ||||
Visual identification (badge) | ||||
Security regulations (FIPS…) | ||||
Windows logon | ||||
Website auth using PKI | ||||
Data encryption | ||||
Email encryption | ||||
Digital signatures | ||||
Certificate renewal | ||||
Certificate revocation | ||||
Key archival/recovery | ||||
BIO support | ||||
Derived credentials | ||||
HW secured keys | ||||
TPM use | ||||
PKCS#11 | ||||
CAPI/CNG | ||||
Cert/key specific PINs | ||||
Virtualization compatibility | ||||
Traceability / Audit | ||||
Multi PKI vendor support | ||||
Multi-role credential issuance | ||||
Several certificates per user | ||||
Offline PIN unblock |