![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi B..Peter, Welcome to Microsoft Community. Thank you for posting an inquiry about the Windows Hello recurring authentication issue.
According to the article, there have been no cases related to this phenomenon in the list of known issues for Windows 11 23H2.
Windows 11, version 23H2 known issues and notifications | Microsoft Learn
The TPM module is used to manage the integrity of the device, including Windows Hello data, BitLocker encryption. If there is an issue with the TPM module itself, it can lead to a number of issues, such as not being able to verify Windows Hello information on the lock screen page.
What is TPM? - Microsoft Support
When a problem occurs with a device, restoring the device to a relatively early state to minimize the impact of potential software environment changes is always the preferred option.
To open System Restore, Use the keyboard shortcut Windows +R, type rstrui.exe and press Enter.
- In the Restore system files and settings box, select Next
- Select the restore point that you want to use in the list of results. If you don’t see the restore point that you want to use, select the Show more restore points check box to see more restore points.
- Optionally, select Scan for affected programs.
- Once you find the proper restore point, select Next > Finish.
- After the restore point is applied, Windows restarts automatically.
To uninstall an update,
- In the Settings app on your Windows device, select Windows Update> Update history> Uninstall updates.
- On the list that appears, select update you want to remove, and then select Uninstall.
- In Windows 10, you can access fromUpdate & Security> Windows Update> View your update history> Uninstall updates
- **Note:**Some updates cannot be uninstalled.
Incomplete, corrupted credential information can cause strange authentication issues.
Credential Manager lets you view and delete your saved credentials for signing in to websites, connected applications, and networks.
- To open Credential Manager, type credential manager in the search box on the taskbar and select Credential Manager Control panel.
- Select Web Credentials or Windows Credentials to access the credentials you want to manage.
- The credentials associated with the Microsoft account may be prefixed with "MicrosoftAccount:user" or "SSO_POP".
We noticed that you mentioned that you have tried to reset your fingerprint information. One potential possibility is that some information is still associated with other data. The information below summarizes the steps to clean up existing Windows Hello-related data, including cleaning up PIN information and biometric information, based on other early cases.
- Press Win or Win + S, type Command Prompt, right-click it, and choose Run as administrator.
- In the Command Prompt window, execute the following commands one by one to gain access to the NGC (Next Generation Credentials) directory associated with Windows Hello. (Make sure your C drive is the system drive; if not, change to the correct drive letter)
takeown /f C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /r /d y <br> icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /grant everyone:(oi)(ci)(F) /t <br><br><br><br> Ren C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc Ngc.old - The takeown command and icacls command are usually used to change the permissions/access control of files/folders, and the ren command is used to rename files. The meaning of the combination of the ren command and “Ngc.old” is to rename the original “Ngc” file/folder to “Ngc.old” as a backup. This will make the system try to reallocate the file/folder as a backup. This will make the system try to reallocate the new Ngc directory.
- Reset biometric data associated with Windows Hello service. Type services.msc in search box and hit the Enter key, locate "Windows Biometric Service" service, right click it and stop it.
- Navigate to the following path and delete the file named "GUID.DAT". You can also manually back up the "GUID.DAT" file to another directory.
C:\Windows\System32\WinBioDatabase - Start the "Windows Biometric Service" service again.
- Re-enroll your fingerprints or face recognition.
A local account provides an independent user environment on your device. Observing under a different user profile helps to understand if the problem is specific to a corrupted user profile. Using Command Prompt ensures you can bypass user interface issues. Even if it may not ameliorate the problem, it can prepare you with alternate options for logging on to the Windows desktop environment in advance before performing other troubleshooting steps.
To create a new local account via Command Prompt:
- Press Win or Win + S, type Command Prompt, right-click it, and choose Run as administrator.
- Execute the command to create a new account, replace <Username> with the desired username, and <Password> with the desired password.
net user "<Username>" "<Password>" /add - Execute the command to promote the account to admin level, replace <Username> with the desired username.
net localgroup Administrators "<Username>" /add
If the different user profiles do not exhibit the same issues, you can consider gradually moving important data to the new user profiles.
Troubleshoot Problems Signing In to Windows - Microsoft Support
If I misunderstand your situation, feel free to correct me and share the information.Best Regards,Kyo.Y - MSFT | Microsoft Community Technical Support