You can use your Ledger Nano S and your Ledger Bue with Windows Hello. It works on Windows 10 (minimum version 14393, last version 15063 is recommended). It requires one USB port to plug your Ledger Nano S or your Blue. it doesn't work on Android and iOS.
The Nano and the HW.1 don't support Ledger Hello.
If you have a Nano S, first make sure you run 1.3.1 firmware. To know if you need to update, open the Settings on the Nano S itself, and go to Settings > Device > Firmware. Follow these steps if you need to upgrade. The Blue doesn’t require any specific firmware.
WHAT IS LEDGER HELLO FOR ?
With Ledger Hello you can configure your Ledger device to sign in on Windows through the "Windows Hello" system, and unlock your Windows device each time it is required.
HOW TO INSTALL LEDGER HELLO
- Install the Ledger Hello application on your computer
Go to this page and click on the "GET" button
- install the Ledger Hello application on your device via the Ledger Manager- Launch the Ledger Manager (click to see how to install and use it if you don't have it installed yet)- Connect your Nano S or your Blue, enter your PIN, and stay on the dashboard.
- Click on the green bottom arrow icon near the Ledger Hello logo (a blue smiley)
- Confirm the installation when required on your device by pressing the right button above the checkmark √
- Quit the Ledger Manager
If you read "Unable to install application" error message it can be displayed for several issues described here. These 2 first steps are only required once. Now everything is ready to manage the Hello registration.
- System Configuration
To be able to use the Ledger Hello service you first have to set a PIN code to protect your Windows 10 account. Your PIN won’t replace your Windows password, it is an addition to it.
Go to your Windows settings, then Accounts, then Sign-in options, then go to the PIN section, click on Add, Windows will open a “Windows security” prompt, and invite you to type your password, after that you can set-up your new PIN.
Now your are ready to use Ledger Hello
HOW TO USE LEDGER HELLO
- Plug your Ledger Nano S or your Ledger Bue in an available USB port on your computer.
- Unlock your Ledger device by typing your pin, and open the Ledger Hello app on both your ledger device and your workstation.
- The Ledger Hello app should detect the device presence, and invite you to type a friendly name for your device. Type a device name, and click on REGISTER.
- You have to confirm the registration on your Ledger device.
- A “Windows Security” prompt will open, inviting you to type your PIN (see step 3.), type it, after that your new registered Ledger Device will appear on the device list.
You can register other devices by clicking the blue “+ REGISTER” button (you can register up to 5 devices).
You can delete your registered devices by clicking the trash icon (icon is visible when hovering the device line).
WHEN TO USE LEDGER HELLO
If your Ledger device is not plugged in, plug it, open the Ledger Hello app on your device, authentication will start automatically.
By default, unplugging your Ledger Device or closing the Ledger Hello app on your device will lock your workstation. You can deactivate that option in “Settings”, then “Unplug to lock”.
HOW DOES IT WORK
This application helps you secure your workstation access, by using the Windows Hello service (available from Windows 10 14393 build). With Windows Hello, you can unlock your workstation with alternative ways : biometrics (fingerprints, face recognition), or, what interests us, with companion devices. With Ledger Hello you can use your Ledger Device as a Windows Hello companion device, allowing strong authentication procedures to log on your workstation, instead of using a simple password or PIN (which are sensitive to keyloggers).
Ledger Hello uses HMAC SHA-256 challenge-response algorithm, involving random nonces generation, thus protecting against replay attacks. Private keys are stored in the chip’s Secure Element, preventing their leakage.
Due to a Framework limitation Windows Hello cannot be used for cold login (log-in after reboot, log-in on a signed out session), it can only be used on a locked session. We will update Ledger Hello application when the framework will allow cold login.
When an update is available your desktop application will display a message to download and install the last release.