Windows PIN?


  1. Posts : 1,066
    windows 10
       #11

    cereberus said:
    Nope - you do not understand difference between password and PIN. For sure you can make a PIN more complicated but not much point unless people have direct physical access to PC.


    If users have no physical access to PC, a Pin is more secure.
    With a hello pin code without tpm, the computer is vulnerable to online attacks. It is tpm that makes physical access to the computer necessary to break it. Microsoft does not recommend hello without tpm.


    Read or reread the article and watch the video:
    "PIN is backed by hardware
    The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.


    User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users' credentials can't be stolen in cases where the identity provider or websites the user accesses have been compromised.


    The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked."

    "What if someone steals the laptop or the phone?
    To compromise Windows Hello credentials protected by TPM, an attacker must have access to the physical device (...)"

    Here is another article from Microsoft: https://docs.microsoft.com/en-us/win...ness/hello-faq


    "How are keys protected?
    Wherever possible, Windows Hello for Business takes advantage of Trusted Platform Module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business do not require a TPM. Administrators can choose to allow key operations in software.

    Whenever possible, Microsoft strongly recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will need to reset the PIN (which means they'll need to use MFA to re-authenticate to the IDP before the IDP allows them to re-register)."



    I don't know if asymmetric key pairs are related to enabling tpm and if not, if they are useful without tpm. If it is tpm that gives asymmetric key pairs, the use of hello is useless if the computer does not have tpm. If it's not tpm and the computer doesn't have tpm, then maybe using hello with a complex pin code is recommended. In the worst case the computer will be protected like a password.
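The post above turns on whether the machine has a usable TPM behind the Hello PIN. The following is an added example, not part of the thread and not Microsoft's code: a PowerShell check of TPM presence, spec version, anti-hammering lockout state, and the "Use a hardware security device" policy. The function name `Get-HelloTpmPosture` and the assessment wording are assumptions made for illustration; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: can this machine hardware-back a Windows Hello PIN?

function Get-HelloTpmPosture {   # hypothetical helper name
    # Get-Tpm is part of the TrustedPlatformModule module on Windows 10/11.
    $tpm = Get-Tpm

    # Win32_Tpm exposes the spec version as a string such as "2.0, 0, 1.38".
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = $null
    if ($wmi -and $wmi.SpecVersion) {
        $spec = ($wmi.SpecVersion -split ',')[0].Trim()
    }

    # Policy "Use a hardware security device": 1 means Hello keys must live
    # in the TPM and the software key fallback is refused.
    $polPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    $requireHw = (Get-ItemProperty -Path $polPath -Name RequireSecurityDevice `
                  -ErrorAction SilentlyContinue).RequireSecurityDevice

    $usable = $tpm.TpmPresent -and $tpm.TpmReady
    if (-not $usable) {
        $verdict = 'No usable TPM: Hello keys are software-protected, no hardware lockout'
    } elseif ($requireHw -eq 1) {
        $verdict = 'TPM usable and policy refuses software keys'
    } else {
        $verdict = 'TPM usable; software key fallback is not blocked by policy'
    }

    [pscustomobject]@{
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        SpecVersion         = $spec
        LockedOut           = $tpm.LockedOut        # anti-hammering state
        LockoutCount        = $tpm.LockoutCount
        LockoutMax          = $tpm.LockoutMax
        LockoutHealTime     = $tpm.LockoutHealTime
        HardwareKeyRequired = ($requireHw -eq 1)
        Assessment          = $verdict
    }
}

Get-HelloTpmPosture | Format-List
```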


  2. NMI
    Posts : 1,095
    Windows 11 Pro, Version 22H2
       #12

    FreeBooter said:
    If you are using user account password to configure PIN then it's not secured because when you reset user account password the PIN will also reset.

    This makes zero sense.

    A password is not used to configure a PIN.

    A PIN does not get changed when a password is changed.


  3. Posts : 5,330
    Windows 11 Pro 64-bit
       #13

    Windows PIN?-2021-10-30_19-34-58.png


  4. Posts : 812
    Win10
    Thread Starter
       #14

    You still need to remember your password even though you set up a PIN to login to Windows.

    Here’s why:

    For example, I have UAC set to prompt for credentials on the secure desktop whenever I need to open or execute system files. So therefore, the UAC will always ask for my normal account password. The UAC prompt does not even have the option to enter the PIN, only the password.

    But these are my settings, so maybe each of you either doesn’t have the UAC enabled or it may only be set as Consent only without asking for the credentials.

    In my case, the UAC is set to enter a username and password every time I execute or install an app or open up system files just for an additional added layer of security.

    But no option in the UAC prompt to enter the PIN. The PIN is only needed just to login to my Windows local account.


  5. Posts : 1,066
    windows 10
       #15

    win10freak said:
    You still need to remember your password even though you set up a PIN to login to Windows.

    Here’s why:

    For example, I have UAC set to prompt for credentials on the secure desktop whenever I need to open or execute system files. So therefore, the UAC will always ask for my normal account password. The UAC prompt does not even have the option to enter the PIN, only the password.

    But these are my settings, so maybe each of you either doesn’t have the UAC enabled or it may only be set as Consent only without asking for the credentials.

    In my case, the UAC is set to enter a username and password every time I execute or install an app or open up system files just for an additional added layer of security.

    But no option in the UAC prompt to enter the PIN. The PIN is only needed just to login to my Windows local account.

    Did you click on more choices? I have the pin code and the fingerprint when I click on more options, in addition to the password.


    Windows PIN?-1037088.png


  6. Posts : 812
    Win10
    Thread Starter
       #16

    I’ll give it a try.

    So what is really more secure for authenticating into Windows Local Account? PIN or a Password?

    And would it be ok to use the same PIN for both my BitLocker Pre-Boot PIN and my Windows 10 PIN?

    Correct me if I’m wrong, but I really don’t see a security risk as both PINs are tied to the TPM.
    Last edited by win10freak; 08 Nov 2021 at 14:20.


  7. Posts : 1,066
    windows 10
       #17

    If you have tpm 2.0 or 1.2 the pin code is better than the password. And tpm 2.0 is better than tpm 1.2 in general.

    I don't know how bitlocker works, it looks like you are right, tpm protects everything so an identical pin code should suffice. Wait for other people who know bitlocker.
    Personally I would say tpm 2.0 with a simple pin code and the same pin code for bitlocker. With tpm 1.2, a more complex pin code and a different pin code for bitlocker.


  8. Posts : 5,452
    Windows 11 Home
       #18

    win10freak said:
    So what is really more secure for authenticating into Windows Local Account?

    If a hacker captures your PIN, he can use it only on your PC.
    If he captures your password, he can use/abuse it anywhere.

    NMI said:
    A PIN does not get changed when a password is changed.

    On Windows 11 PIN is tied to TPM. When I updated BIOS, PIN was invalidated, I had to reinstall Windows.


  9. NMI
    Posts : 1,095
    Windows 11 Pro, Version 22H2
       #19

    TairikuOkami said:
    On Windows 11 PIN is tied to TPM. When I updated BIOS, PIN was invalidated, I had to reinstall Windows.

    Change your password. Does the PIN get changed?
    Last edited by NMI; 21 Nov 2021 at 08:56.

