How to use Windows 10’s Dynamic Lock to secure your PC when you walk away
Dynamic Lock is a convenient, if somewhat imperfect, new feature that uses the proximity of a Bluetooth-paired phone to handle Windows 10 device access.
When Microsoft released Build 15031 of the Windows 10 Insider Preview on February 8, 2017, it added a new OS feature for Bluetooth-equipped devices. It’s called Dynamic Lock, and lets you control access to your PCs based on how close they—and your Bluetooth-paired phones—are to them. That is, if the phone you’ve paired with your PC (it works for laptops, notebooks, tablets and desktops) is not found within radio range of your PC, Windows 10 turns off the screen and locks the PC after 30 seconds have elapsed. Thus, Dynamic Lock makes a dandy new security feature in Creators Update, one that most business users (or their IT departments) will find worth turning on and using.
Setting up Dynamic Lock
To begin, you must pair your phone with your Windows 10 PC.
To do this, open “Devices and Printers,” then click “Add a device.” Once the phone has been paired with your PC, you’ll see something like this under the “Devices” heading in this control panel widget (here, my iPhone is paired with my Dell Venue Pro 11 7139 hybrid tablet PC).
Once pairing is complete, you can turn on Dynamic Lock by visiting Settings > Accounts > Sign-in options. Simply click the checkbox under the Dynamic Lock heading that reads “Allow Windows to detect when you’re away and automatically lock the device,” as shown in this screen snippet:
How Dynamic Lock works
Basically, Dynamic Lock polls the strength of the signal between your PC and the paired phone at a regular interval. According to an excellent story for Thurrott.com by Rafael Rivera entitled “Using and Calibrating Dynamic Lock in Windows 10 Creators Update,” this new OS feature is known to some as “Windows Goodbye,” in contrast to the Windows Hello technologies that work with biometric recognition of fingerprints or face scans. According to the same source, some OEMs refer to this feature a “proximity lock.” Whatever it’s called, it’s a handy new feature that leverages the common situation where most PC users not only have mobile phones, but tend to keep those phones on their persons at all times (even when they’re not working on their PCs).
Rivera tested this facility and observed that it depends on an ongoing set of activities repeated multiple times per minute. According to Rivera, Dynamic Lock:
- Connects to the Bluetooth-paired phone.
- Retrieves the average Received Signal Strength Indication (RSSI) for that connection.
- Disconnects from the Bluetooth-paired phone.
- Determines if the RSSI value dips below a certain threshold.
Rivera also observesthat this feature consumes power and will impact battery life on both devices when it’s running. He noted that the cut-off threshold for RSSI is somewhere around -10 decibels (dB). Because he created a tool that measures this data, I was able to confirm his observations to be correct (here’s a link to download the tool, named draconyx.exe). Using the tool, you can determine how far away you have to walk before the PC locks down. Rivera reports that he had to walk “halfway across the floorplan” of his apartment before the lock engages. At my house, the default setting meant that I had to walk all the way to the other side of the house, as far as I could get from my home office before the lock would engage.
You can use Rivera’s tool and a couple of Windows registry settings to shorten this distance if, as for many people, you want to the lock to kick in sooner rather than later. Here’s how:
- Create a registry key named
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NaAuth
- Within that key create a DWORD value named
BluetoothRssiMaxDelta
- Set the value to whatever number makes sense for the situation. (For Rivera, that turned out to be 5 or 6 because he wanted to engage the lock fairly quickly; in my house, 8 works nicely.) You can experiment to determine what works for you. (Hint: To speed up the process, enlist a friend or family member to watch the PC while you walk away with the phone.)
Working with draconyx.exe
Here’s what the tool, labeled “Paired Bluetooth Devices” looks like in action:
As you move around the local space near your PC, you’ll get a pretty good sense of how far away you want to be before the PC lock engages. A bit of twiddling with the values in the registry key value, and you’ll be ready to rock’n’roll. Simply subtract the value at the point where you want the lock to kick in from the value you read when the phone is next to the PC (and drop the minus sign, as will most often be the case), and you’re good to go.
Is Dynamic Lock foolproof?
While Dynamic Lock works reasonably well and does what Microsoft says it’s supposed to, a little tweaking with Rivera’s tool is probably a good idea. That goes double if you expect it to protect your PC from unwanted viewing or access. It’s also worth noting that Bluetooth services are not exactly robust or engineered for high reliability on all devices.
I sometimes had difficulty getting Dynamic Lock to work after my Dell Venue Pro woke up following protracted periods of idleness. As it happens, post-sleep glitches like this are common for Bluetooth connections of all kinds. In every case, I could regain proper use of Dynamic Lock by restarting the PC (which the Dell unit does quickly, thanks to its relatively snappy i5 CPU and an even faster LiteOn SSD boot/system disk).
The battery cost of the feature is noticeable, too. My iPhone’s normal battery life decreased by about one-third when I used this feature constantly. The battery drain on the Dell was a little less severe (probably because it has a much bigger battery), and seemed to reduce battery life by 20 to 25 percent. Thus, while Dynamic Lock is convenient, it does come with an energy cost.
originally published by CIO.