Windows Hello Driver: 2021
Critically, the driver never sends the actual biometric image to Windows. Not ever. That image is processed inside a trusted execution environment (TEE) or a dedicated security coprocessor. The driver’s only output is a signed token.
The only fix? Deleting the driver’s biometric database from C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc and re-enrolling. For enterprise IT admins, this became a weekly ritual.
More concerning than simple bugs were the security researchers poking at Hello’s driver interface. In 2023, a Black Hat talk demonstrated a DLL injection attack into the biometric service’s driver-loading routine. By spoofing a legitimate sensor driver’s Device ID, the researcher could intercept the authentication handshake and replay a valid “user verified” token from a stolen system dump.
Or at least, that’s the theory.
The first major crack in the facade appeared in 2021. Users of Dell XPS laptops, Lenovo ThinkPads, and even Microsoft’s own Surface devices began reporting a strange error: “Something went wrong. Please try again.” Over and over.
But what is a Windows Hello driver, really? It’s not a single file. It’s a layered trust contract between Microsoft’s biometric framework, a sensor manufacturer’s hardware, and the Windows kernel. And for a long time, it was also a black box—until it started breaking.
Windows Hello isn’t a camera app. It’s a security architecture built around the Windows Biometric Framework (WBF). The driver sits in the deepest ring of this system—Ring 0, kernel mode. Its job is brutal: take raw sensor data (a face mesh, a fingerprint scan), ensure it hasn’t been tampered with, and pass a cryptographic assertion to the Local Security Authority (LSA) that says, “Yes, this is the user.”
If that happens, the era of the broken Hello driver—of mysterious “Something went wrong” errors and fingerprint sensors disappearing after updates—might finally end.
But the attack highlighted a fundamental tension: the driver is both the most trusted component and the most exposed. It must talk to weird USB fingerprint readers, cheap laptop IR sensors, and high-end enterprise cameras. Each new device adds a new driver—and a new potential leak.
Not all Windows Hello drivers are equal. Microsoft provides a generic inbox driver (wbd.sys) that works with basic USB fingerprint readers. But most OEMs—Synaptics, Goodix, Realtek—ship their own custom drivers. And here lies the problem.