While it sounds simple—show the system two photos and you're in—these Windows Hello bypasses wouldn't be easy to carry out in practice. The hack requires that attackers have a good-quality infrared image of the target's face and have physical access to their device. But the concept is significant as Microsoft continues to push Hello adoption with Windows 11.
There are different ways to take and process images for facial recognition. Apple's FaceID, for example, only works with the company's proprietary TrueDepth camera arrays, an infrared camera combined with a number of other sensors. But Apple is in a position to control both hardware and software on its devices in a way that Microsoft is not for the Windows ecosystem. The Windows Hello Face simply says “Sign-in with your PC's infrared camera or an external infrared camera.”