Windows Login without password - possible with NFC card
In an increasingly digitalised world, computer authentication is becoming more and more important - and at the same time more complex. Traditional passwords have long proven to be a weak point: They are difficult to remember, annoying to enter and susceptible to cyber attacks. But what if you could save yourself the hassle of typing them in? The solution: a Windows Login without a password, made possible by an NFC card.
This innovative method combines security and user-friendliness in an ideal way. Whether in a corporate environment or for private use - NFC Login can easily make everyday life easier.
In this article you will learn...
- how NFC works for authentication
- what advantages ‘Touch to Login’ offers
- more about requirements, compatibility, password management and setup
- how secure logging in with an NFC card is
- how well other login methods work compared to the NFC card
1. How NFC works for authentication
When an NFC card is read by an NFC reader, the reader normally reads information from the NFC chip. The NFC chip is located inside the card. Authentication with NFC is a little different. Instead of reading out specific information such as text or code, the UID of the NFC chip is read out. A UID is an individual identification number for an NFC chip.
In the Windows Login example, software is required that stores the chip's UID. In addition, an NFC reader must be connected to the desired computer. If an NFC card is now held up to an NFC reader, the software compares the already memorised UID and the currently scanned UID. If they match, the login is successful. If they do not match, the login will not take place.
This method is possible because each NFC chip has its own UID, which is assigned during production. This cannot be changed afterwards.
2. Advantages of the ‘Tap to Login’
Increased security
Logging in to Windows with an NFC card provides protection against phishing and brute force attacks. As no passwords need to be entered, attackers cannot intercept passwords or steal them through phishing attacks. In addition, NFC cards can be used for multi-factor authentication, but can also function as a single factor. This means that an NFC card can also be used as additional protection alongside a password.
Compliance with the latest standards
According to the GDPR, 2FA authentication for Windows is particularly necessary for companies that work with sensitive data. An NFC card can also be used as a second factor to fulfil 2FA authentication. It is particularly practical as it is a physical means and is not stored on the PC.
Improved convenience
With Tap to Login, there is no longer any need to memorise complicated, long passwords and then enter them. Instead, you can log in quickly and easily using a card. This method makes everyday life much easier, especially in cases where frequent but secure logins are required, such as in the office.
Can be implemented for large companies
This method is perfect for security-critical companies with a large number of workstations in particular and creates a standardised and simplified login process for employees.
3. What you should know about setting up passwordless login
3.1. Requirements & compatibility
You need the following to use it:
- An NFC card/NFC tag
- Windows computer with Windows Vista, 7, 8, 8.1, 10 or 11 (more recent versions recommended)
- NFC reader
- Software CodeB Credential Provider
Instead of an NFC card or an NFC tag, you can also use your smartphone. To do this, you must download an additional App CodeB Authenticator.
NFC tags, NFC cards and NFC readers are easily available in our shop:
3.2. Login process and password management
- Does Touch to Login also work for shared PC use?
Yes, it works. However, one NFC card is required per user.
- Does logging in with the NFC card also apply to logging in after standby mode or hibernation mode?
Yes, it is also possible to log in with an NFC card after standby mode or hibernation mode.
- I would like to go back to the standard password method. Is this still possible?
Yes, this is still possible afterwards. Standard credential providers can still be used and you can switch between several credential providers in the login window. Standard Windows credential providers can be reversibly deactivated or hidden using CodeB Credential Provider so that a login cannot take place with a password, for example, and phishing can therefore be successfully prevented.
What is a credential provider?
A credential provider is a software component in Windows operating systems that is responsible for authenticating users. It is used to collect and process the login information (credentials) required to grant a user access to a system. A credential provider acts as an intermediary between the user and the operating system during authentication. A well-known example is password-based login.
3.3. Setting up passwordless login
- How do I set up the login of an NFC card on my PC?
We have prepared a step-by-step guide for this, which takes you through the installation and set-up process and lists all the necessary requirements once again.
Follow the instructions here: Windows Login with an NFC card
4. This is how secure Windows Login with an NFC card is
There is only a low security risk when logging in without a password using an NFC card. This is the case due to various aspects:
- Encryption of the NFC chip: In addition to NFC chips without encryption, there are NFC chips with specific encryption specifically for authentication, for example MIFARE chips.
- Multi-factor authentication: You can use the NFC card as a second factor in addition to single-factor authentication for additional protection.
- Protection against phishing and keylogging: Since password entry is no longer necessary and user data no longer needs to be entered, attackers can no longer steal your passwords.
- Low risk if the card is lost: As your NFC card does not contain any sensitive data, losing the card only poses a risk if a third party attempts to log in to your PC locally. During this time, the card can be deactivated and the affected PC can be backed up.
Interesting to know: CodeB also supports Kerberos authentication, which can be offered for larger companies. Microsoft also seems to be making Kerberos Login possible for standalone PCs in the future, so that smaller companies and private individuals can also use it.
5. Tap to Login compared to other login methods
Logging in with an NFC card has many advantages. But how well it works compared to other login methods depends on various factors. Below we compare the NFC card with other methods:
Windows Login with password
Security: NFC cards are more secure than passwords as they are not susceptible to phishing, brute force attacks or keylogging. Since no password is entered, attackers cannot intercept or guess passwords.
User-friendliness: Logging in via NFC card is faster and easier as there is no need to memorise or enter a password. It is particularly useful in environments where users need to log in frequently.
Administration: IT departments don't have to spend time resetting forgotten passwords, making it easier to manage.
Biometric methods (fingerprint, facial recognition)
Security: Biometric data is unique and difficult to falsify, making it very secure. In comparison, an NFC card can be misused if lost, which is not possible with biometrics. However, NFC cards also offer high security in combination with PINs or other factors.
User-friendliness: Both methods are user-friendly due to their ease of use.
Implementation: The implementation of biometrics requires specialised hardware (e.g. fingerprint scanners, cameras), while NFC readers are often cheaper and easier to integrate into existing systems.
Windows Login with PIN
Security: PINs are more secure than passwords, but are still vulnerable to shoulder surfing (spying on the PIN) or brute force attacks. In contrast, an NFC card offers secure authentication without the need to enter a PIN.
Ease of use: NFC Login is easier and faster as no numerical entry is required. PINs can be forgotten or entered incorrectly, slowing down the login process.
Administration: As with passwords, resetting or changing PINs can require additional administrative work, while NFC cards can be easily deactivated and replaced if lost.
6. Conclusion
Using an NFC card for Windows Login offers a unique combination of security and convenience that is far superior to traditional login methods. By avoiding password entries, the risk of phishing and other attacks is significantly reduced.
The ease of use and fast authentication make NFC cards particularly attractive for companies that rely on a secure and efficient IT infrastructure. In addition, this method can be easily integrated into existing systems and offers flexibility in adapting to specific security requirements.
Overall, NFC-based login is a modern, secure and user-friendly alternative to conventional authentication methods.