The differences between Windows account PINs and passwords
Microsoft's Windows 10 and 11 operating systems support several account authentication options: the classic local user account with a password, a Microsoft account with a password, and the options provided by Windows Hello. Of the Windows Hello options, the PIN is the most common, as Microsoft promotes it specifically.
Some Windows users might wonder which option is the most secure or the most convenient. The answer is not as straightforward as it may seem. Using a PIN to sign in may look inferior at first glance, as it is a four-digit number by default; but is that really the case?
Let's take a closer look at the different options and their characteristics.
- Local account with password -- works on a single local computer only. No online attacks, e.g., against the username on Microsoft sites, but also no online monitoring, restoration or recovery options.
- Microsoft account with password -- works universally. One password for the account, regardless of the number of devices. Options to restore and monitor access online. May be attacked online.
- Microsoft account with PIN -- works only on the computer the PIN has been set on. Restore options are provided via the Microsoft account. No online attacks, as the PIN is local to the device.
Protecting a Windows PC with a PIN combines the locality of a local account password with the benefits that a Microsoft account offers. The PIN is stored locally, which means that it is safe from many online attacks. Local attacks are limited as well, as Microsoft prevents fast brute-force attacks against user account PINs by artificially limiting the number of attempts. It may still be possible to guess the PIN, especially if information about the user is available. Windows users may, and should, improve the security of PIN access by using more than four alphanumeric characters.
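The following Python script is an added example, not code from the article or from Microsoft. It checks a candidate PIN against the advice above: longer than the four-digit default, letters as well as digits, no trivial patterns, and nothing an attacker could derive from what they know about the user. The policy thresholds (`min_length`, `require_letters`), the check names, and the sample PINs and user data are assumptions constructed for the example; the keyspace figure only shows how much larger the guessing space becomes when the PIN grows, it is not a statement about how Windows throttles attempts.

```python
"""Evaluate a candidate Windows Hello-style PIN against a local PIN policy.

Added example, not the article's or Microsoft's code. Thresholds and
checks are assumptions chosen to mirror the article's advice.
"""
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PinPolicy:
    min_length: int = 6           # assumption: longer than the 4-digit default
    require_letters: bool = True  # assumption: alphanumeric PINs, as the article suggests
    user_data: tuple = ()         # values an attacker may know about the user (constructed)


def is_sequential(pin: str) -> bool:
    """True for runs such as 1234, 4321 or abcd (a constant step of +1 or -1)."""
    if len(pin) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def keyspace(pin: str) -> int:
    """Number of PINs of this length drawn from the character classes it uses.

    A 4-digit PIN gives 10**4 candidates; a 6-character mixed-case
    alphanumeric PIN gives 62**6, which is what the article's advice buys.
    """
    classes = [
        (string.digits, 10),
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.punctuation, len(string.punctuation)),
    ]
    alphabet = sum(size for chars, size in classes if any(c in chars for c in pin))
    return alphabet ** len(pin)


def pin_findings(pin: str, policy: PinPolicy = PinPolicy()) -> list:
    """Return the policy violations for `pin`; an empty list means it passes."""
    findings = []
    if len(pin) < policy.min_length:
        findings.append(f"shorter than {policy.min_length} characters")
    if pin.isdigit():
        findings.append("digits only")
    elif policy.require_letters and not any(c.isalpha() for c in pin):
        findings.append("no letters")
    if len(set(pin)) == 1:
        findings.append("one repeated character")
    if is_sequential(pin):
        findings.append("sequential run")
    for value in policy.user_data:
        # user-related data (birth year, name) is exactly what a guesser tries first
        if value and value.lower() in pin.lower():
            findings.append(f"contains user-related value {value!r}")
    return findings


if __name__ == "__main__":
    # constructed sample PINs and user data for demonstration
    policy = PinPolicy(user_data=("1987", "Max"))
    for candidate in ["1234", "2019", "Xk7pq2", "Max1987!"]:
        result = pin_findings(candidate, policy) or ["OK"]
        print(f"{candidate:10} {keyspace(candidate):>20,} candidates  {'; '.join(result)}")
```

Running the script prints one line per sample PIN with the size of its guessing space and the policy findings; a four-digit PIN is flagged for length, digit-only content and (for `1234`) its sequential run, while a six-character mixed PIN passes.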
Successfully gaining access to a Windows user account that is protected by a PIN does not give automatic access to the Microsoft Account of the user. The Microsoft Account password, or the passwordless option, is still required to gain access to the account.
Access to a user account may open a can of worms, however. One example: email programs or email services may be accessed, and the linked email accounts may then be used to answer verification requests. It is therefore essential to pick a secure PIN if there is a chance that someone else may gain access to the device.
Users who want to be even safer may want to explore options to fully encrypt the device; this adds another layer of security to the sign-in process, as the password to decrypt the entire PC needs to be supplied first before PIN or password prompts are even shown.
Now You: how do you secure your user accounts?
Not on my Windows 11 computer right now, but I know I use a PIN and set up auto-login. The following link provides information covered several times at gHacks:
I like automatic sign-ins to Windows, it is very convenient. If you pair it with full disk encryption, there is nothing to worry about.
See here for instructions on signing in to Windows 11 automatically: https://www.ghacks.net/2021/10/10/how-to-sign-in-to-windows-11-automatically/
Local accounts only. Password and Picture are set up.
I’ve only recently started using the Picture. You pick 3 locations on the background image to click on. You don’t have to hit the 3 spots exactly but it would be near impossible to just guess them.
We have this set up as well as alphanumeric passwords, and you can select which to use to unlock the PC with a click.
Note: We have custom static sign in screens set and the lockscreen disabled so it’s easy to choose and remember 3 locations on the screen.
Is fingerprint more or less secure than PIN or Password?
Fingerprints (biometric data) are your one and only, unique to you across all ages (past and future) and in the whole world.
If they are copied or otherwise obtained by others, it would be fatally serious!
Regarding biometric data:
There are concerns about how biometric data can be shared. One cannot deny the possibility that the organization that manages biometrics may sell or provide biometric data to others, including law enforcement, immigration enforcement, and repressive foreign governments.
In particular, the storage and management of biometric data requires a high level of capability and permanence in all aspects: technology, expense, business ethics, compliance, and sustainability.
The location where biometric data is stored must be absolutely secure.
This is because biometric data cannot be reset like passwords. Once your biometric data is hacked or leaked, the damage is irreversible. You can’t change a person’s fingerprint or iris.
User information can be intentionally leaked. There’s money to be made from each individual, as the phrase goes.
Biometric login is easier to track regardless of what location you’re in. Once biometric information is leaked, users are basically screwed.
MICROSOFT FORCED ME TO SIGN IN USING A PIN. I JUST HATE THAT!!! I HAVE NOTHING TO HIDE ON MY COMPUTER, NO NUCLEAR DOCUMENTS, NO MONEY DOCUMENTS, NO ILLEGAL CRAP, NOTHING EMBARRASSING. WHY WAS I FORCED TO SIGN IN WITH A PIN? THE DEEP STATE WANTS TOTAL CONTROL!!!
PS: FORGIVE MY UPPER CASE AS I SUFFER FROM AMD-WET AND ALMOST BLIND.
Best Information thanks
“Users who want to be even safer may want to explore options to fully encrypt the device; this adds another layer of security to the sign-in process”
Doesn’t seem to apply anymore. Enabling BitLocker on Windows 11 doesn’t add any extra step. The drive is decrypted by Windows Hello OR the offline user password.
I just want a local password, and I want Microshaft to BUTT OUT. I don’t want a Microshaft account or online resources or one drive or any of their bullshit. JUST LET ME OPEN MY DAMNED COMPUTER!!!!!!!