Before you begin
You will need 3-5 minutes free, your UNSW-managed Windows device, internet connectivity, your zID and password. 

Set up process

1. In your device search window, enter Sign-in options and click it. 
2. Select the available biometric you wish to set up and then click Get started. 
3. Follow the prompts.  After setting up facial and/or fingerprint, you will be prompted to set up a 6-digit PIN. 
   

If you cancel any screen before it completes, your biometric will not be configured. 
 

Tips:

• Remove any face coverings and ensure you are in a well-lit area to improve the accuracy of the sensor.
• Try not to move your finger too much between readings. The sensor is small and will only scan a fraction of your fingerprint at a time.  
• When setting up the PIN, ensure it is a minimum of 6-digits (numbers). 
   

Passwordless will be available for UNSW-managed Mac devices soon. 

1. What are the risks to providing my biometric data?
   Biometric data — such as fingerprints and facial recognition templates — is considered personal information under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). Because biometric identifiers are unique to you and tied to your body, they carry specific privacy risks. Unlike a password, your biometric data cannot be changed if compromised. A breach of this kind of information could have long-term consequences, such as identity theft or unauthorised surveillance.
   
   The WHFB system is designed with strong security protections. When you enrol, your biometric data is securely stored locally on your UNSW-issued device and is never transmitted to UNSW or Microsoft. The data is protected by hardware-based security using a Trusted Platform Module (TPM), which includes encryption, isolation, and tamper-resistant mechanisms. Any attempt to physically access the biometric data on the chip will render it inaccessible, making it extremely challenging for attackers to compromise.
   
   While no system is completely immune to compromise, these safeguards significantly reduce the likelihood of unauthorised access. Even so, by enrolling, you should understand the nature of the data being collected, how it will be used, and that your participation in the trial is voluntary. UNSW adheres to strict privacy obligations under the PPIP Act and follows our internal Privacy Management Plan to minimise risks and ensure informed consent. If you have concerns or prefer not to use biometrics, an alternative login method is available.
   
2. Can I check which biometric options are available on my device?
   Yes. On your device, in the search window, enter Sign-in options to see available biometric options. 
   
3. Is it mandatory to set up a PIN?
   Yes. Your PIN is used should either fingerprint or facial recognition methods fail. 
   
4. Can I set up multiple biometric methods on one device?
   Yes. Windows Hello for Business allows multiple biometric (fingerprint, facial) methods, provided your device has the capability.  
5. Do I still need to remember my zID passphrase/password?
   Yes. Your zID password is required when logging into shared devices, devices that are not UNSW-managed or where you have not set up Windows Hello for Business
6. What can I use if my biometrics fail to recognise me?
   If either your facial or fingerprint biometrics fail, you will be prompted to enter your 6-character PIN. You can select other methods also, such as using your zID password.  
7. How can I reset my PIN if I forget it?
   There are two ways to reset your PIN if you have forgotten it. You will need internet connection for both these methods.
   
   A) Reset PIN from Setting
   1. Sign-in to your device using your zID password and in the search window enter Sign-in options.
   2. Select PIN (Windows Hello) and then I forgot my PIN and follow the instructions.
   
   B) Reset PIN from the lock screen
   1. On your lock screen, click the Sign-in options link, and select the PIN pad icon.
   2. Select I forgot my PIN.
   3. Select an authentication option from the list presented.
   4. Follow the instructions provided. When finished, unlock your desktop using your newly created PIN.
   
   
8. Does facial recognition work if I'm wearing glasses or a hat?
   Yes. It will usually work, however when setting it up please do not wear a facial mask and ensure that you have sufficient lighting for the sensor.  
   
9. Can I set-up Passwordless on my Apple Mac device(s)?
   Passwordless is currently only available for UNSW-managed Windows devices. While Mac devices support various forms of authentication like Touch ID, Face ID, and Apple’s own passwordless options (via iCloud Keychain or Apple ID), they do not directly integrate with Windows Hello for Business.
   
10. Can I set up Passwordless on my personal device(s) or my phone?
    No. This capability is limited to UNSW-managed Windows devices only. 
    
11. Can I set up Passwordless on a UNSW shared device?
    No.  Windows Hello For Business is limited to UNSW-managed Windows devices and will not be applicable to shared devices, e.g. in laboratories or the library.
    
12. Does the PIN/Biometrics work with the Incognito or InPrivate window?
    Yes. When accessing UNSW applications like SharePoint in Chromes’ Incognito or Edges’ InPrivate window, you will be prompted to sign in. In this case you can continue to use your zID password or select Sign-in options where you can select your preferred method (PIN, Fingerprint, Facial).
    
13. How many user profiles can enrol for Windows Hello for Business on a single Windows device?
    The maximum number of supported enrolments on a single device is 10. This lets 10 users each enrol their face and up to 10 fingerprints.
14. Where is Passwordless biometrics data stored?
    When you set up Windows Hello for Business, a representation of your biometrics, called an enrolment profile, is created. The enrolment profile biometrics data;
    - is device specific,
    - is stored locally on the device in an encrypted format,
    - does not leave the device,
    - doesn't roam,
    - never leaves the module, and is
    - never sent to Microsoft cloud or external server.
    
15. Why is a PIN or biometric gesture better than an online password?
    A PIN or biometric gesture is local to a device. One important difference between a zID password and a biometric/PIN is that the biometric/PIN is tied to the specific device on which it is set up. While someone who obtains your zID password can sign in to your account from anywhere, they can’t do so if they obtain your PIN because it is tied to the device. The PIN can't be used anywhere except on that specific device.
    
16. What happens to my biometric if my device is stolen? Is it safe?
    Contact the UNSW IT Service Centre and report your stolen device immediately. If your device is stolen, your biometric data, such as fingerprints or facial recognition, remain secure. Modern devices store biometric data in a secure enclave, which is a separate and isolated part of the device hardware.
    
17. Can I wipe biometric data from my device? 
    Yes. To wipe biometric data from your device, run a command in Command Prompt:
    1. On your keyboard, press windows and R keys. 
    2. In the Run window, type cmd and press Enter.
    3. In the command prompt window, type the following: certutil.exe -DeleteHelloContainer and press Enter                 
    4. In the same Command Prompt window, type: logoff.exe and press Enter.
    This will sign you out and complete the deletion process.
    
18. Will Passwordless cause issues for mapping a Network Drive?
    No. When setting up the Network Drive mapping for first time, login first using your password and complete the mapping. Once the mapping setup is complete, access the Network Drive without issues.