Windows 10: Does local account support Two-factor authentication?

  1.    23 Aug 2017 #1

    Does local account support Two-factor authentication?


    I'm guessing one needs a Microsoft account for it... but I'm not sure. I would like it to first scan my fingerprint and then prompt me for a password. Does anyone know if this is possible on a local account?

  2.    23 Aug 2017 #2

    I'm not sure if it is possible to do what you want with any sort of account - either Microsoft or Local.

    When you log into Windows you have the choice of PIN, Password or Fingerprint (or face or iris) depending on what hardware you have and what you have set up. At this point I don't think you can set 2 factor authentication (if by that you mean using more than one of these). You can only choose one method - so in your case either fingerprint or password.

    If you look at this blog, Microsoft call using a fingerprint reader 2 factor authentication as you need both the finger and the device. I suppose this is technically true but isn't how most people would understand 2FA - i.e. having to do 2 things.

    Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric, such as fingerprint. From a security standpoint, this means that an attacker would need to have a user’s physical device – in addition to the means to use the user’s credential – which would require access to the user’s PIN or biometric information.
    Windows 10: Security and Identity Protection for the Modern World

    What you could do is set a password to be displayed earlier in the boot process. If you had 10 Pro you could set a BitLocker password but as you have Home this is not possible. Depending on your BIOS you may be able to set a BIOS password and/or a password to unlock your hard disk. All of these passwords are issued before Windows boots so none of these would be triggered if you locked your screen - only after shutting down or restarting. They would mean it requires both a password and fingerprint to boot your system though.

  3.    24 Aug 2017 #3

    lx07 said:
    I'm not sure if it is possible to do what you want with any sort of account - either Microsoft or Local.

    When you log into Windows you have the choice of PIN, Password or Fingerprint (or face or iris) depending on what hardware you have and what you have set up. At this point I don't think you can set 2 factor authentication (if by that you mean using more than one of these). You can only choose one method - so in your case either fingerprint or password.

    If you look at this blog, Microsoft call using a fingerprint reader 2 factor authentication as you need both the finger and the device. I suppose this is technically true but isn't how most people would understand 2FA - i.e. having to do 2 things.


    Windows 10: Security and Identity Protection for the Modern World

    What you could do is set a password to be displayed earlier in the boot process. If you had 10 Pro you could set a BitLocker password but as you have Home this is not possible. Depending on your BIOS you may be able to set a BIOS password and/or a password to unlock your hard disk. All of these passwords are issued before Windows boots so none of these would be triggered if you locked your screen - only after shutting down or restarting. They would mean it requires both a password and fingerprint to boot your system though.
    Thank you for the reply, it's unfortunate you can't modify it for multiple identification methods after one another in my opinion.

  4.    24 Aug 2017 #4

    OxtailSnail said:
    Thank you for the reply, it's unfortunate you can't modify it for multiple identification methods after one another in my opinion.
    I agree. For me 2FA means doing 2 things. I think MS are being rather disingenuous calling fingerprint or PIN 2FA although it is all semantics I suppose. They are probably correct.

    There are other options (all of which require Windows 10 Pro not Home I think) like requiring a smart card or a BitLocker USB key and password. None of these really cover what you want anyway.

    There might be some third party software to force fingerprint and password (I believe HP does some for their business line laptops) but I don't know anything about that I'm afraid.

    If you are making a choice between using a password or PIN/biometric to log on (rather than both) it is definitely more secure to take the second option - see the link below.

    Why a PIN is better than a password (Windows 10) | Microsoft Docs


  5.    24 Aug 2017 #5

    OxtailSnail said:
    Thank you for the reply, it's unfortunate you can't modify it for multiple identification methods after one another in my opinion.
    I agree. I would have password/pin, iris and fingerprint on at the same time if possible, if I ever would have such security requirements. Then if for some reason I cannot get into my system I would have to use a master password only that is insanely long (like 200+ characters long) :)

    I would love to have an easy way to accomplish this.
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.