Can I use a USB fingerprint reader to unlock bitlocker on Windows 10 Pro?

Question

I'd like to use a USB fingerprint reader to authenticate with bitlocker - i.e. unlock my machine when bitlocker password request screen is shown when booting into Windows.

Something like a tiny rectangular USB fingerprint dongle from:

• Kensington - Verimark - https://www.kensington.com/en-gb/p/products/security/biometric/kensington-verimark-fingerprint-key-supporting-windows-hello-and-fido-u2f-for-universal-2nd-facto/
• BENSS - http://www.benss-tech.com/
• PQI - http://www.pqigroup.com/prod_in.aspx?mnuid=1286&modid=138&prodid=1472

...All available on amazon, for example.

Assuming I could, then of course, for setting up I'd have to log in with my bitlocker password to get into Windows to then do the setup for next time I boot Windows.

Is it possible to setup Windows bitlocker to recognise my fingerprint using a USB finger print reader?

I have Windows 10 Pro 64bit on 3 machines that I'd like to use this fingerprint unlocking on:

• Panasonic Toughpad MkIII Intel x86-64 i5 vPro, Windows 10 Pro 64bit (which I think has the TPM module - though I don't know if this is necessary to fulfil my question)
• MacBook Air 11" 2015, 8Gb i7 2.2GHz (for Windows 10 Pro 64 bit on BootCamp)
• MacBook Pro 2016 15" retina/touchbar/thunderbolt 3 port x 4, 16Gb i7 quad core. (for Windows 10 Pro 64 bit on BootCamp)

It would appear that these work with Windows Hello. But I don't know if Windows Hello includes Bitlocker - i.e. Bitlocker is a part of Windows Hello or if they are 2 separate things.

Thank you for reading. I've already searched here and am perhaps surprised that the question had not already been asked, it would appear.

Answer 1

Windows Hello is irrelevant to Bitlocker, since Bitlocker operates before Windows is even loaded. So without Windows, there is no Hello working,

Some products exist for that, such as Secure Disk for BitLocker. I don't have any experience with this, but its description is a bit frightening when imagining all that can go wrong with it:

small security operating system that is loaded prior the start of Windows. It offers additional boot features and full management of the underlaying Windows encryption.

With a compatible BIOS, there might be such an option. I have seen descriptions of doing that (example), which I will summarize below:

• Turn on 'Power on password'
• In Fingerprint, set the security mode to NORMAL (not HIGH)
• Ensure Pre-desktop authentication is On

For the person answering, this meant authenticating once with his fingerprint at boot for both Bitlocker and Windows, but he had all these above options in his BIOS, which yours might not have.

Answer 2

Lots of MCUs these days can operate in "keyboard mode" (send keypresses over USB) and are smaller than the USB slot itself (fit invisibly inside)... all that's needed is the fingerprint hardware with that and the solution is done.

Not sure if anyone has manufactured such a thing yet though.