Today, Microsoft announced that it is addressing the recent backlash around Windows Recall, after it was discovered that the feature stores its data unencrypted on the device. The company says it will protect Windows Recall data with “just in time” decryption, so the data is only decrypted when the user authenticates to the app with Windows Hello.
Additionally, Microsoft says it will make Windows Recall an opt-in experience, meaning it won’t be enabled by default on Copilot+ PCs. Users will be prompted to enable or disable it during Windows Setup, and if they choose not to enable it, the feature will not function.
Microsoft also says it’s making further security improvements to Windows Recall. It will now require Windows Hello to be set up on the system and require the user to be present in front of the screen to access Recall data. If the user is not at their computer, Recall data will not be accessible.
Here are the changes Microsoft is making to Windows Recall:
- Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards.
- Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
- Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.