Windows

Many laptops are now equipped with a fingerprint reader, a useful feature if you lock/unlock your computer on a regular basis. However, for some reason, Windows requires to set up a PIN, even if you already have a password. The PIN is supposedly secure since it uses your laptop’s TPM module, but authentication using the password remains possible anyway, so why allow a PIN in the first place?

It is not possible (to the best of my knowledge) to disable the PIN requirement, but you can remove it from your login screen using regedit. Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B

Create a new DWORD value named Disabled and set it to 1. Alternatively, you can find on my GitHub gist a registry script that will do that for you (save it and execute it).

If you need to edit your fingerprints, please note you will need to enable PIN authentication temporarily (set Disabled to 0).

How does BattlEye works

BattlEye is a client-side and server-side based anti-cheat. The client communicates regularly with the server, and is kicked when abnormal activity is detected (e.g. no response: BattlEye client is probably not running anymore).

BattlEye is backed by a kernel driver, BEDaisy.sys. This is what is all about: this is very complicated to monitor the driver.

It is complicated to describe how BattlEye works precisely because most anti-cheats are based on security through obscurity. However, we can describe most noticeable mechanisms.

Mur de brique

A blog about security.

Fingerprint login on Windows without a PIN

BattlEye and Windows Local Kernel-Mode Debugging (Part 1)

How does BattlEye works