What should I do before my appointment to cutover my laptop to Windows Hello?
There are few steps that need to be done by you the end user, but we do recommend doing the following:
- Cleaning up local files if you have any in your downloads folder, documents folder, or on your desktop. These files should be moved seamlessly during our cutover, but larger quantities of files will slow down the cutover process. We do recommend cleaning out files you don't need.
- If you would like to back up your browser bookmarks before the cutover, please refer to the following guides:
- Chrome: see "Move or export bookmarks to another browser" here
- Edge: see "Back up your Microsoft Edge favorites" here
- We recommend having your phone set as a trusted device in Bitwarden to approve Bitwarden logins, if you haven't already configured this. This is a great opportunity to have this ready to go.
- Ensure that your appointment has you available for the full 30 minutes so that you can sign into your accounts, configure settings with us and be setup for success.
- Think ahead on how you want to connect for the appointment -- you will need to use a personal device, since your laptop will need to be rebooted as part of the process. Options for this include Teams or Zoom if you have them installed on your phone, or a call from your personal number.
What will be different after the cutover?
- After the cutover is done it is very similar to the experience of when you get a replacement computer, so plan accordingly. We will do everything we can to make the experience as painless as possible :)
- Printing will be handled slightly differently. For a rundown on this, we recommend referring to https://support.abdosolutions.com/portal/en/kb/articles/how-to-secure-print
- You will now be able to Sign into Applications behind Single Sign On with just Windows Hello.
Using Just a Pin, Fingerprint, or Facial scan feels less secure to me. Am I wrong for feeling that way?
This is totally an understandable concern. There are two key reasons why this is more secure than our previous approach:
- Windows Hello uses the FIDO2 Passkey sign in approach to authenticate to resources. This is a phishing resistant form of Multi Factor Authentication. At a high level what this means is that credentials are not passed between the end point, the authentication of the end user is done on the device that has been setup as trusted, and then leveraging the trust between the device and the remote resource, a temporary key exchange is handled between the devices. This makes traditional phishing significantly harder to accomplish for threat actors, and it also avoids exposing your Abdo Cloud Password even if the phishing attempt was successfully blocked.
- Your Laptop is effectively becoming your MFA device or acts as a physical key/fob if you will vs relying on the mobile app to.
In summary, you are still having 2 factors of authentication, but these are stronger implementations of the factors when looked at in the way they handle remote authentication.
What should I pick for my pin?
Our minimum requirements adhere to the National Institute of Standards Technology (NIST) which recommends a minimum of 6 numeric values. You can make it more complicated if you wish (longer, include non numeric characters), but 6 is considered sufficient. Remember this is a pin, not a password. A Pin is device specific and will only work when done on the Windows Hello enabled and enrolled device. We do recommend avoiding easily guessed things like your birthday.
Do I need to setup Facial Recognition or a fingerprint scan? I prefer to not use that.
You do not need to use Biometrics if you prefer to not use those. You are required to setup a pin and to use windows hello.