1.    23 Aug 2017 #1
    Join Date : Jun 2017
    Posts : 13
    Windows 10 Pro

    Does local account support Two-factor authentication?


    I'm guessing one needs a Microsoft account for it... but I'm not sure, I would like it to first scan my fingerprint then I get prompted for a password. Does anyone know if this is possible on a local account?
      My ComputerSystem Spec
  2.    23 Aug 2017 #2
    Join Date : Jul 2015
    Posts : 3,743
    10 Pro

    I'm not sure if it possible to do what you want with any sort of account - either Microsoft or Local.

    When you log into Windows you have the choice of PIN, Password or Fingerprint (or face or iris) depending on what hardware you have and what you have set up. At this point I don't think you can set 2 factor authentication (if by that you mean using more than one of these). You can only chose one method - so in your case either fingerprint or password.

    If you look at this blog, Microsoft call using a fingerprint reader 2 factor authentication as you need both the finger and the device. I suppose this is technically true but isn't how most people would understand 2FA - i.e. having to do 2 things.

    Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric, such as fingerprint. From a security standpoint, this means that an attacker would need to have a user’s physical device – in addition to the means to use the user’s credential – which would require access to the users PIN or biometric information.
    Windows 10: Security and Identity Protection for the Modern World

    What you could do is set an password to be displayed earlier in the boot process. If you had 10 Pro you could set a bitlocker password but as you have home this is not possible. Depending on your BIOS you may be able to set a BIOS password and/or a password to unlock your hard disk. All of these passwords are issued before windows boots so none of these would be triggered if you locked your screen - only after shutting down or restarting. They would mean it requires both a password and fingerprint to boot your system though.
      My ComputerSystem Spec
  3.    24 Aug 2017 #3
    Join Date : Jun 2017
    Posts : 13
    Windows 10 Pro
    Thread Starter

    Quote Originally Posted by lx07 View Post
    I'm not sure if it possible to do what you want with any sort of account - either Microsoft or Local.

    When you log into Windows you have the choice of PIN, Password or Fingerprint (or face or iris) depending on what hardware you have and what you have set up. At this point I don't think you can set 2 factor authentication (if by that you mean using more than one of these). You can only chose one method - so in your case either fingerprint or password.

    If you look at this blog, Microsoft call using a fingerprint reader 2 factor authentication as you need both the finger and the device. I suppose this is technically true but isn't how most people would understand 2FA - i.e. having to do 2 things.


    Windows 10: Security and Identity Protection for the Modern World

    What you could do is set an password to be displayed earlier in the boot process. If you had 10 Pro you could set a bitlocker password but as you have home this is not possible. Depending on your BIOS you may be able to set a BIOS password and/or a password to unlock your hard disk. All of these passwords are issued before windows boots so none of these would be triggered if you locked your screen - only after shutting down or restarting. They would mean it requires both a password and fingerprint to boot your system though.
    Thank you for the reply, its unfortunate you cant modify it for multiple identification methods after one another in my opinion
      My ComputerSystem Spec
  4.    24 Aug 2017 #4
    Join Date : Jul 2015
    Posts : 3,743
    10 Pro

    Quote Originally Posted by OxtailSnail View Post
    Thank you for the reply, its unfortunate you cant modify it for multiple identification methods after one another in my opinion
    I agree. For me 2FA means doing 2 things. I think MS are being rather disingenuous calling fingerprint or PIN 2FA although it is all semantics I suppose. They are probably correct.

    There are other options (all of which require Windows 10 Pro not Home I think) like requiring a smart card or a bitlocker USB key and password). None of these really cover what you want anyway.

    There might be some third party software to force fingerprint and password (I believe HP does some for their business line laptops) but I don't know anything about that I'm afraid.

    If you are making a choice between using a password or PIN/biometric to logon (rather than both) is definitely more secure to take the second option - see the link below

    Why a PIN is better than a password (Windows 10) | Microsoft Docs
      My ComputerSystem Spec
  5.    24 Aug 2017 #5
    Join Date : Jan 2017
    Turku
    Posts : 1,781
    Windows 10 Pro IP Build 16299.19 (Branch: RS3 Release)

    Quote Originally Posted by OxtailSnail View Post
    Thank you for the reply, its unfortunate you cant modify it for multiple identification methods after one another in my opinion
    I agree. I would have password/pin, iris and fingerprint on at the same time if possible, if I ever would have such security requirements. Then if for some reason I can not get into my system I would have to use a master password only that is insanely long (like 200+ characters long)

    I would love to have an easy way to accomplish this.
      My ComputersSystem Spec

 


Similar Threads
Thread Forum
Solved Delete local user account or change default account on start up
I have a local user account that comes up as the default user when Windows10 boots up that I would like to remove. I have tried the usual user modification menus but this account does not show up. It is annoying to have to go through this false...
User Accounts and Family Safety
Two-factor authentication with Microsoft Passport and Windows Hello
Source: Convenient two-factor authentication with Microsoft Passport and Windows Hello | Building Apps for Windows How to Set up a Face for Windows Hello in Windows 10
Windows 10 News
Local account login changed to Microsoft Account so unable to log in
I would like help solving a mystery. I set up a new Dell Optiplex 3020 which shipped with Windows 10 Pro. I bypassed the option to set up the user with a Microsoft Account (The owner does not have a microsoft account and I did not create one at...
User Accounts and Family Safety
Solved Local account changed to MS account, act as separate accounts at login
So I originally started with a local account but then signed into the store with a MS account. I changed the setting where users are required to enter a password through netplwiz (like this) and making a password not required after waking from...
User Accounts and Family Safety
Windows Logon: 2-Factor Biometric Authentication
I have done some reading that Windows10 will incorporate 2-factor authentication. I was wondering for Windows Logon, does Windows10 support password AND biometric (e.g. fingerprint) authentication? If so, can you provide any feedback on exactly...
General Support
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:57.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums