Here is how to enable Enhanced Sign-in Security (ESS) in Windows 11. Using Windows Settings, you can enable or disable sign-in with an external camera or fingerprint sensor.
What is Enhanced Sign-in Security or ESS in Windows 11?
Enhanced Sign-in Security is a layer of security that works on Windows Hello to secure the data communication channel. It works only with Virtualization-Based Security (VBS). In simple words, it is an additional security layer that applies to traditional biometric sensors such as facial recognition and fingerprint sensors.
Hardware requirements for Enhanced Sign-in Security
The hardware requirements for Enhanced Sign-in Security are:
- VBS or Virtualization-Based Security.
- TPM or Trusted Platform Module 2.0.
- Device Guard Enablement.
- ESS supported biometric sensors and drivers.
- Secure Devices (SDEV) ACPI table configured device firmware that must be configured by your hardware manufacturer.
How to enable Enhanced Sign-in Security (ESS) in Windows 11
To enable Enhanced Sign-in Security (ESS) in Windows 11, follow these steps:
- Press Win+I to open Windows Settings.
- Go to Accounts > Sign-in options.
- Head to the Additional settings.
- Find the Sign-in with an external camera or fingerprint reader option.
- Toggle the button to turn it ON.
To get started, you need to open the Windows Settings. Although there are so many methods, you can press Win+I to open Windows Settings on your computer.
Then, navigate to Accounts > Sign-in options and then Additional settings.
Here, you can find an option called Sign in with an external camera or fingerprint reader.
You need to toggle the corresponding button to turn it ON.
However, to disable Enhanced Sign-in Security, you need to navigate to the same path and toggle the same button.
Turn on Enhanced Sign-in Security using Registry
Open Windows Registry and navigate to the following path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio
Double-click on SupportPeripheralsWithEnhancedSignInSecurity in the right pane.
- Enter 0 to turn on the Enhanced Sign-in Security feature.
- Enter 1 to turn off the Enhanced Sign-in Security feature.
If you do not see SupportPeripheralsWithEnhancedSignInSecurity key, you will have to create this DWORD (32-bit) registry item.
Restart your computer.
Verify if verify whether ESS is enabled in Windows 11
If you want to verify whether ESS is enabled, you can use the Event Viewer. For that, open the Event Viewer and navigate to this path:
Applications and Services Logs > Microsoft > Windows > Biometrics > Operational
If you see Event ID 1108 here, it implies that your ESS is enabled and working. However, you need to check the drivers and hardware if you cannot find the same event ID.
Read: Windows Hello: Sign-in to Windows devices with your face
Does Windows 11 have enhanced security?
Yes, Windows 11 comes with Enhanced Sign-in Security or ESS. However, this feature is very hardware-specific. Your computer must have VBS with Device Guard Enablement and TPM 2.0 along with biometric sensors and drivers with ESS. On the other hand, it should have device firmware with a Secure Devices (SDEV) ACPI table.
How do I turn off Enhanced Sign-in Security?
To turn off Enhanced Sign-in Security in Windows 11, you need to press Win+I to open the Windows Settings panel first. Then, go to Accounts > Sign-in options. Here, find the option called Sign in with an external camera or fingerprint reader. Finally, toggle the corresponding button to turn it ON.