Windows Hello is a Microsoft's method for logging into Windows using biometric authentication. Because Moira is the system of record and not Active Directory, password changes are detected by Windows Hello as having changed your password on a different device. Normally, this just means logging onto the computer utilizing Windows Hello once with your new password. However, most computers have athena.mit.edu as the default realm. Logging onto the computer with athena.mit.edu as the realm will not properly synchronize the password. You will need to pre-pend the username with WIN\ is order for you to use win.mit.edu as the realm. You have to do this least once after changing your Kerberos password before Windows Hello will properly recognize the password change. Windows Hello will then function properly until you change you password again.