{"id":"https://openalex.org/W4320917434","doi":"https://doi.org/10.3390/cryptography7010009","title":"Attacking Windows Hello for Business: Is It What We Were Promised?","display_name":"Attacking Windows Hello for Business: Is It What We Were Promised?","publication_year":2023,"publication_date":"2023-02-14","ids":{"openalex":"https://openalex.org/W4320917434","doi":"https://doi.org/10.3390/cryptography7010009"},"language":"en","primary_location":{"id":"doi:10.3390/cryptography7010009","is_oa":true,"landing_page_url":"https://doi.org/10.3390/cryptography7010009","pdf_url":"https://www.mdpi.com/2410-387X/7/1/9/pdf?version=1676386771","source":{"id":"https://openalex.org/S4210223320","display_name":"Cryptography","issn_l":"2410-387X","issn":["2410-387X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cryptography","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2410-387X/7/1/9/pdf?version=1676386771","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102504489","display_name":"Joseph Haddad","orcid":null},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Joseph Haddad","raw_affiliation_strings":["School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082150685","display_name":"Nikolaos Pitropakis","orcid":"https://orcid.org/0000-0002-3392-9970"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Nikolaos Pitropakis","raw_affiliation_strings":["School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029353215","display_name":"Christos Chrysoulas","orcid":"https://orcid.org/0000-0001-9817-003X"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Christos Chrysoulas","raw_affiliation_strings":["School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047556499","display_name":"Mouad Lemoudden","orcid":"https://orcid.org/0000-0002-0114-1054"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mouad Lemoudden","raw_affiliation_strings":["School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068020099","display_name":"William J. Buchanan","orcid":"https://orcid.org/0000-0003-0809-3523"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"William J. Buchanan","raw_affiliation_strings":["School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing, Engineering & the Build Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK","institution_ids":["https://openalex.org/I251738"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5029353215","https://openalex.org/A5082150685"],"corresponding_institution_ids":["https://openalex.org/I251738"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":3.1885,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.92502953,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"7","issue":"1","first_page":"9","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9865000247955322,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9664000272750854,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.8706119060516357},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7862926721572876},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7344497442245483},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.5718086361885071},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.5360581874847412},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.46401724219322205},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4472818076610565},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.42750781774520874}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.8706119060516357},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7862926721572876},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7344497442245483},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.5718086361885071},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.5360581874847412},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.46401724219322205},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4472818076610565},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.42750781774520874},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.3390/cryptography7010009","is_oa":true,"landing_page_url":"https://doi.org/10.3390/cryptography7010009","pdf_url":"https://www.mdpi.com/2410-387X/7/1/9/pdf?version=1676386771","source":{"id":"https://openalex.org/S4210223320","display_name":"Cryptography","issn_l":"2410-387X","issn":["2410-387X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cryptography","raw_type":"journal-article"},{"id":"pmh:oai:zenodo.org:7732943","is_oa":true,"landing_page_url":"https://zenodo.org/record/7732943","pdf_url":"https://zenodo.org/record/7732943","source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:doaj.org/article:7dd012e65ce04cedbcc5669d725bd770","is_oa":true,"landing_page_url":"https://doaj.org/article/7dd012e65ce04cedbcc5669d725bd770","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cryptography, Vol 7, Iss 1, p 9 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/cryptography7010009","is_oa":true,"landing_page_url":"https://doi.org/10.3390/cryptography7010009","pdf_url":"https://www.mdpi.com/2410-387X/7/1/9/pdf?version=1676386771","source":{"id":"https://openalex.org/S4210223320","display_name":"Cryptography","issn_l":"2410-387X","issn":["2410-387X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cryptography","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6299999952316284,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G4896870839","display_name":null,"funder_award_id":"GA 101070214","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4320917434.pdf"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W1936361513","https://openalex.org/W2149929743","https://openalex.org/W2171920515","https://openalex.org/W2218132318","https://openalex.org/W2754385295","https://openalex.org/W2790583604","https://openalex.org/W2803262603","https://openalex.org/W3015349823","https://openalex.org/W3032062187","https://openalex.org/W3036595964","https://openalex.org/W3094639908","https://openalex.org/W3186249566","https://openalex.org/W4240387355","https://openalex.org/W4285057592","https://openalex.org/W4299412096","https://openalex.org/W6743962203","https://openalex.org/W6751555706"],"related_works":["https://openalex.org/W1844709308","https://openalex.org/W2359085393","https://openalex.org/W2969720675","https://openalex.org/W2019897613","https://openalex.org/W4214857854","https://openalex.org/W2177391373","https://openalex.org/W1639969416","https://openalex.org/W2953105088","https://openalex.org/W2156083280","https://openalex.org/W2237863779"],"abstract_inverted_index":{"Traditional":[0],"password":[1,41,44,85,194,243,262],"authentication":[2,24,42,167,175,263,267,286,295,346],"methods":[3],"have":[4],"raised":[5],"many":[6,258],"issues":[7],"in":[8,27,102,119,205],"the":[9,21,28,38,81,87,94,103,113,120,157,173,181,185,193,206,210,220,232,239,242,282,290,336,342],"past,":[10],"including":[11],"insecure":[12],"practices,":[13],"so":[14],"it":[15,188,202,318],"comes":[16],"as":[17,67,128,144,156,264,277],"no":[18],"surprise":[19],"that":[20,40,165,257],"evolution":[22],"of":[23,30,105,115,209,222,241,284,293,326,338],"should":[25],"arrive":[26],"form":[29,104],"password-less":[31,69,166,285,294,345],"solutions.":[32],"This":[33,57,109,302,315,334],"research":[34,99,163],"aims":[35,48],"to":[36,49,191,228,250,306,331],"explore":[37],"problems":[39],"and":[43,47,64,71,92,133,272,279,289,322,328,341],"policies":[45],"present":[46],"deploy":[50],"Windows":[51],"Hello":[52],"for":[53,199,269,287,311,344],"Business":[54],"(WHFB)":[55],"on-premises.":[56],"includes":[58],"creating":[59],"three":[60,116],"virtual":[61],"machines":[62],"(VMs)":[63],"evaluating":[65],"WHFB":[66,200,225],"a":[68,129,216],"solution":[70,310],"showing":[72],"how":[73],"an":[74,145,196],"attacker":[75],"with":[76],"privileged":[77],"access":[78],"may":[79],"retrieve":[80,192],"end":[82],"user\u2019s":[83],"domain":[84,130],"from":[86,195],"computer\u2019s":[88],"memory":[89],"using":[90],"Mimikatz":[91],"describing":[93],"possible":[95,190],"results.":[96],"The":[97,123,139,151,160,212],"conducted":[98],"tests":[100],"are":[101,247],"two":[106],"attack":[107,218,233],"methods.":[108],"was":[110,189,203,215,234,244,255],"feasible":[111],"by":[112,297,324,347],"creation":[114],"VMs":[117],"operating":[118],"following":[121],"way.":[122],"first":[124,186],"VM":[125,141,153],"will":[126,142,154],"act":[127,143,155],"controller":[131],"(DC)":[132],"certificate":[134],"authority":[135],"server":[136],"(CA":[137],"server).":[138],"second":[140,207,213],"Active":[146],"Directory":[147],"Federation":[148],"Service":[149],"(ADFS).":[150],"third":[152],"end-user":[158],"device.":[159],"test":[161,214],"findings":[162,337],"summarized":[164],"is":[168,178,300,316],"far":[169],"more":[170],"secure":[171],"than":[172],"traditional":[174],"method;":[176],"this":[177,252,308],"evidenced":[179],"throughout":[180],"author\u2019s":[182],"tests.":[183],"Within":[184],"test,":[187],"enrolled":[197],"device":[198],"while":[201],"still":[204,260],"phase":[208],"deployment.":[211],"brute-force":[217],"on":[219],"PIN":[221],"WHFB;":[223],"since":[224],"has":[226,319,329],"measures":[227],"prevent":[229],"such":[230,276],"attacks,":[231],"unsuccessful.":[235],"However,":[236],"even":[237],"though":[238],"retrieval":[240],"successful,":[245],"there":[246],"several":[248],"obstacles":[249],"achieving":[251],"outcome.":[253],"It":[254],"concluded":[256],"organizations":[259,275,299,305],"use":[261],"their":[265,312],"primary":[266],"method":[268],"accessing":[270],"devices":[271],"applications.":[273],"Larger":[274],"Microsoft":[278],"Google":[280],"support":[281],"adoption":[283],"end-users,":[288],"current":[291],"usage":[292,340],"shared":[296],"both":[298],"encouraged.":[301],"usually":[303],"leads":[304],"adopt":[307],"new":[309],"IT":[313],"infrastructure.":[314],"because":[317],"been":[320],"used":[321],"tested":[323],"millions":[325],"people":[327],"proven":[330],"be":[332],"safe.":[333],"supports":[335],"increased":[339],"need":[343],"today\u2019s":[348],"users.":[349]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-04-02T15:55:50.835912","created_date":"2025-10-10T00:00:00"}