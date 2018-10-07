Instead of plain old passwords, you can protect your Windows PC in various sorts of ways. Windows Hello, for example, allows you to sign in with your face, iris or fingerprint. While Microsoft's biometric authentication certainly works on compatible devices, it doesn't offer a way to remotely unlock your PC using your phone.

The proliferation of wireless technology and software interdependency have led to innovations that already enables users to unlock their computer by using compatible features on their smartphones. Even though PCs still don't have widespread biometric authentication — especially the budget segment — there exist OS-dependent features such as Smart Lock that allows you to unlock your Android phone to get into your Chromebook. But what if you're not a Chrome OS person and don't have a Windows Hello-compliant PC? Can you still use your Android phone's fingerprint scanner to unlock your PC running Windows?

Yes, you can. Over 6 years ago, I created a script using Tasker, a Tasker plugin called AutoTools, and an app called Unified Remote, to remotely unlock your Windows PC using the fingerprint scanner on your Android device. The script used AutoTools to authenticate your fingerprint and Unified Remote to perform remote inputs such as a tap, swipe, and paste to unlock your Windows PC. Nonetheless, it's definitely not a seamless way to remotely unlock your PC.

If Samsung Flow can be used to remotely unlock your Windows PC from a Samsung Galaxy phone or tablet, why can't any other third-party app? That's exactly the question that XDA Member Andrew-X asked himself, and after months of work, he came up with a solution. He created an app called Remote Fingerprint Unlock which lets you unlock any Windows PC via the fingerprint scanner on your Android smartphone.

How Remote Fingerprint Unlock works

Compared to other hardware-backed passwordless authentication methods (e.g. USB or NFC security keys), Remote Fingerprint Unlock takes a different approach. There are two modules of the utility: a library for Windows and an Android app, which securely communicate between themselves over the local network. This means you can use the fingerprint sensor on your Android device to authenticate on the app and the Windows module, upon validating, seamlessly unlocks your Windows user account.

Under the hood, the credentials are encrypted using a key that is generated based on your fingerprint. Thanks to Android's security mechanism, the key is safeguarded by the Trusted Execution Environment (TEE) of the SoC that powers the phone. The app itself doesn't store any password and it doesn't even require the Internet permission to function.

Remote Fingerprint Unlock features

Remote Fingerprint Unlock supports the following device configurations:

Windows module: x86 or x64 architectures Note that Arm64 AKA Windows on Arm devices aren't supported yet. We've reached to the developer about this incompatibility and we'll keep you updated with any info provided. Windows Vista, Windows 7, Windows 8/8.1, Windows 10, or Windows 11 PCs

Android module: Android 6.0+



The free features include:

Support for remotely unlocking both local and online Microsoft accounts via fingerprint scanner

Set up 1 PC with 1 account for remote unlocking

Wi-Fi Tethering support

The pro features ($1.99 in-app purchase) include:

No advertisements

Adding multiple Windows PCs

Adding multiple accounts per Windows PC

Support Wake-on-LAN

How to setup Remote Fingerprint Unlock

Setting up Remote Fingerprint Unlock is fairly simple. All you need to do is download the Android app, install the Windows Fingerprint Credential Module, and go through the setup process in the app. As mentioned earlier, the utility doesn't require an Internet connection, but a local network is still needed. Hence, you have to make sure that your Windows PC and your Android phone are connected to the same Wi-Fi/access point.

Download and install Remote Fingerprint Unlock from the Google Play Store. Download and install the latest Windows Fingerprint Credential module for your Windows PC. Be sure to read the setup instructions and warning thoroughly. Open the Android app and go to the Scan section. Start the Scan operation and let it find your Windows PC. Tap on the PC you want to set up. You can choose to give it a name and/or send a Wake-on-LAN packet if you have the pro version. After adding the PC, go to the Accounts section. Tap on "Add Account." Enter the username and password of the account you want to remotely unlock. After you add the account you want to unlock on the PC, tap on the account name so that a (Selected) shows up after the name (see the last screenshot.) If you don't do this, you'll get an error message saying something like "no default account has been selected."

6 Images

Close

Now that the modules are installed, you can try unlocking the PC.

Lock your Windows PC and you should see a new user called "Fingerprint Unlock." If it says the module is active, then you are able to proceed. 2 Images Close Open Remote Fingerprint Unlock on your phone and go to the Unlock section, Scan your fingerprint. If you set it up properly, you should see your Windows PC automatically unlock itself!

We recommend you check out the following XDA forum thread if you have any issues setting it up.

Check out the Remote Fingerprint Unlock thread on our forums

Remote Fingerprint Unlock Developer: Rusu Andrei Price: Free 3.9 Download

Is it safe to use?

I understand that some of you may be wary of installing a Windows application such as this. While I can't guarantee that the app is safe to use since it isn't open source, I do believe that the developer is trustworthy after having run it through various malware analysis tools and asking the developer to address what issues the tools picked up on.

For the sake of clarity, I'll quote our conversation below so you can decide for yourself:

Me: I ran it through VirusTotal and HybridAnalysis and they picked up the following results: Ikarus picks it up as "PUA.RVplatform"

TrendMicro picks it up as "Suspicious_GEN.F47V0908"

Filseclab picks it up as "Adware.CsdiMonetize.AI.twym" After a week, the developer made some changes and reached back to me: So, I did a few changes to the setup files a week ago and I have managed to reduce the number of detections to only 1/63 on VirusTotal, McAfee AV's scanner being the only one that detected my setup as Adware. I have sent an email to them to report the false detection and I still haven't received a response. This is the reason that I haven't contacted you. Surprisingly, I have scanned the latest release again and it comes clean. They probably updated their scanning engine, or whitelisted my setup but didn't respond back. Either way, I'm glad that it's finally not being falsely reported anymore. However, the x86 version is still tagged as being malicious by Endgame, as seen here, even though the same AV does not detect the x64 version as being malicious. I'll see if I can contact them somehow about this. On Hybrid-Analysis, Filseclab detects it as being Adware.CsdiMonetize.AI.twym, most likely because I still include a Windows Update required for the application to run on Windows versions older than 10. The writing to the remote process "C:\Windows\System32\wusa.exe" refer to the aforementioned updates which are installed using the "wusa.exe" process and "C:\Windows\System32\cscript.exe" refers to the .vbs script that creates the Windows Firewall exceptions for the LogonUI.exe process (the process under which the application runs). The script is taken from here. From his XDA thread, he also shared the following information: I've spent about 40% of the development time making the app as secure as possible. The communication between modules is secured using TLS (SSL). The accounts are stored on your computer as they are required when unlocking. However, they are encrypted using a key that is generated based on your fingerprint. As per this article, the generated key is backed by a Trusted Execution Environment, which prevents an attacker from gaining access to the key even if he had compromised the kernel. In other words, only the enrolled fingerprints on your phone can access the key. If you do uninstall, reset your app or even if you change one of your registered fingerprints, the file where the accounts are stored is lost forever and you will need to reconfigure your accounts. Lastly, research has been done to ensure that, even locally, your accounts are as safe as possible. No password is stored in-app and everything is done locally (between the app and the Windows module) and I'm not, in any way, shape or form, sending through the Internet or seeing anything that you type in-app. read more

As of December 2022, none of the security vendors listed under VirusTotal flags the Windows module of Remote Fingerprint Unlock (version 1.3.0 is the latest version at the time of writing). For enthusiasts, the installer is based on Inno Setup, which means you can easily decompile it using innounp or similar and take a sneak peek inside.

Personally, I find the developer's explanations to be sufficient. I'm surprised that, until the developer released his app, my Tasker script was the most widespread solution to unlock Windows PCs via the fingerprint scanner on Android. Looking back, my Tasker script was really inelegant, but nobody had made an app that could do better. Sure, Samsung had their own solution, but they limited it to Samsung Galaxy devices only. Thanks to Remote Fingerprint Unlock, I can remotely unlock my Windows 11 desktop PC using the fingerprint scanner on my Google Pixel 6a.