Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system, but researchers sponsored by the German government have found a critical flaw in its business implementation.

In a presentation at the Black Hat conference in Las Vegas, Dr Baptiste David and Tillmann Osswald from independent security shop ERNW Research demonstrated how one can crack the Hello system and a local admin, or someone who has access to their credentials via malware or other means, can inject biometric information into a computer that would allow it to recognize any face or fingerprint.