The differences between Windows account PINs and passwords

Martin Brinkmann
Aug 8, 2022
Windows 11 Help

Microsoft's Windows 10 and 11 operating systems support several different account authentication options. There is the classic local user account and password option, the Microsoft account and password option, and options provided by Windows Hello. Use of a PIN is the most common one, as Microsoft is pushing it specifically.


Some Windows users might wonder which option is the most secure or most comfortable. The answer is not as straightforward as it may seem. Using a PIN to sign in may look inferior at first glance, as it is a four-digit number by default; but is that really the case?

Let's take a closer look at the different options and their characteristics.

  • Local account with password -- works on a single local computer only. No online restoration options, but also no online attacks, e.g., on Microsoft sites against the username. No online monitoring or recovery options.
  • Microsoft account with password -- works universally. One password for the account, regardless of number of devices. Options to restore and monitor access online. May be attacked online.
  • Microsoft account with PIN -- works only on the computer the PIN has been set on. Restore options provided via the Microsoft account. No online attacks, as it is local.

Protecting a Windows PC with a PIN looks like a mix of the local-only password of a local account and the benefits that a Microsoft account offers. The PIN is stored locally, which means that it is safe from many online attacks. Local attacks are limited as well, as Microsoft prevents fast brute force attacks against user account PINs by artificially limiting attempts. It may still be possible to guess the PIN, especially if information about the user is available. Windows users may, and should, improve the security of the PIN access by using more than four alphanumeric characters.

Successfully gaining access to a Windows user account that is protected by a PIN does not give automatic access to the Microsoft Account of the user. The Microsoft Account password, or the passwordless option, is still required to gain access to the account.

Access to a user account may open a can of worms, on the other hand. One example: email programs or email services may be accessed, and the linked email accounts may be used for verification requests. Therefore, it is essential to pick a secure PIN, if there is a chance that someone else may have access to the device.

Users who want to be even safer may want to explore options to fully encrypt the device; this adds another layer of security to the sign-in process, as the password to decrypt the entire PC needs to be supplied first before PIN or password prompts are even shown.
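
The extra layer described above only exists when the system drive has a protector that asks for a secret before Windows starts. The following PowerShell check is an added example, not part of the original article; the function name `Get-PreBootStatus` is hypothetical, and `Get-BitLockerVolume` needs an elevated session.

```powershell
# Added example: does the OS volume require a typed secret before Windows boots?
# Run from an elevated PowerShell session; uses the built-in BitLocker module.

# Key protector types that make the user type something before the OS loads.
# (Startup-key protectors on USB media also gate boot, but are not typed secrets.)
$PreBootTypes = 'TpmPin', 'TpmPinStartupKey', 'Password'

function Get-PreBootStatus {
    param(
        [Parameter(Mandatory)] [string] $ProtectionStatus,   # 'On' or 'Off'
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ProtectorTypes
    )

    # Encryption that is off or suspended protects nothing at boot.
    if ($ProtectionStatus -ne 'On') {
        return 'Not protected: volume is unencrypted or protection is suspended'
    }

    # A pre-boot protector means the prompt appears before the sign-in screen.
    $preBoot = @($ProtectorTypes | Where-Object { $_ -in $PreBootTypes })
    if ($preBoot.Count -gt 0) {
        return "Pre-boot secret required ($($preBoot -join ', '))"
    }

    # TPM-only: the drive unlocks by itself, so the Windows sign-in
    # (PIN or password) is the only prompt an attacker with the device sees.
    if ($ProtectorTypes -contains 'Tpm') {
        return 'TPM-only: drive unlocks automatically at boot'
    }

    return "No TPM or pre-boot protector found ($($ProtectorTypes -join ', '))"
}

# Query the volume Windows is installed on and classify its protectors.
$os    = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($os.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
Get-PreBootStatus -ProtectionStatus $os.ProtectionStatus.ToString() -ProtectorTypes $types
```

A result of "TPM-only" means the strength of the sign-in PIN or password is what stands between someone holding the device and the user account.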

Now You: how do you secure your user accounts?


Comments

  1. VioletMoon said on August 8, 2022 at 10:02 pm

    Not on my Windows 11 computer right now, but I know I use a PIN and set up auto-login. The following link provides information covered several times at gHacks:

    https://www.technewstoday.com/login-without-password-windows-11/

    1. Martin Brinkmann said on August 9, 2022 at 6:15 am

      I like automatic sign-ins to Windows, it is very convenient. If you pair it with full disk encryption, there is nothing to worry about.

      1. Martin Brinkmann said on August 9, 2022 at 6:15 am

        See here for instructions on signing in to Windows 11 automatically: https://www.ghacks.net/2021/10/10/how-to-sign-in-to-windows-11-automatically/

  2. Tachy said on August 9, 2022 at 2:47 am

    Local accounts only. Password and Picture are set up.

    I’ve only recently started using the Picture. You pick 3 locations on the background image to click on. You don’t have to hit the 3 spots exactly but it would be near impossible to just guess them.

    We have this set up as well as alphanumeric passwords and you can select which to use to unlock the PC with a click.

    Note: We have custom static sign in screens set and the lockscreen disabled so it’s easy to choose and remember 3 locations on the screen.

  3. Anonymous said on August 10, 2022 at 4:36 am

    Is fingerprint more or less secure than PIN or Password?

    1. owl said on August 10, 2022 at 10:34 am

      Fingerprints (biometric data) are yours alone, unique to you in all ages (past and future) and in the world.
      If it is copied or otherwise obtained by others, it would be fatally serious!
      https://www.ghacks.net/2022/06/08/lastpass-introduces-passwordless-vault-access/#comment-4523616

      1. owl said on August 10, 2022 at 11:44 am

        Regarding biometric data:

        There are concerns about how biometric data can be shared. One cannot deny the possibility that the organization that manages biometrics may sell or provide biometric data to others, including law enforcement, immigration enforcement, and repressive foreign governments.

        In particular, the storage and management of biometric data requires a high ability to achieve and permanence in all aspects of technology, expense, business ethics, compliance, and sustainability.
        The location where biometric data is stored must be absolutely secure.
        This is because biometric data cannot be reset like passwords. Once your biometric data is hacked or leaked, something irreversible has been done. You can’t change a person’s fingerprint or iris.

  4. Barry said on August 10, 2022 at 3:59 pm

    User information can be intentionally leaked. There’s money to be made from each individual, as the phrase goes.

    Biometric login is easier to track regardless of what location you’re in. Once biometric information is leaked, users are basically screwed.

  5. PANAMA PATRICK said on August 12, 2022 at 9:13 pm

    MICROSOFT FORCED ME TO SIGN IN USING A PIN. I JUST HATE THAT!!! I HAVE NOTHING TO HIDE ON MY COMPUTER, NO NUCLEAR DOCUMENTS, NO MONEY DOCUMENTS, NO ILLEGAL CRAP, NOTHING EMBARRASSING. WHY WAS I FORCED TO SIGN IN WITH A PIN? THE DEEP STATE WANTS TOTAL CONTROL!!!
    PS: FORGIVE MY UPPER CASE AS I SUFFER FROM AMD-WET AND ALMOST BLIND.

  6. Alex said on August 25, 2022 at 5:07 pm

    Best Information thanks

  7. Anonymous said on September 15, 2022 at 3:00 pm

    “Users who want to be even safer may want to explore options to fully encrypt the device; this adds another layer of security to the sign-in process”

    Doesn’t seem to apply anymore. Enabling BitLocker on Windows 11 doesn’t add any extra step. The drive is decrypted by Windows Hello OR offline user password.
