The PIN on a Windows machine is a secondary credential to unlock the primary local credential, with the primary being your actual password.
Also, as mentioned in the sibling comment, PINs are just device-local credentials. They don't necessarily have to be numeric-only and can also be very long.
You can have your computer re-challenge you for a full password on some interval. So have it force you to use your password on your first login of the day, then you can use your PIN to hop back in during the day and then have the PIN option time out after so many hours. Same with any of the Hello credential options.
After too many failures with a PIN, it will disallow the PIN authentication entirely. So, its length isn't really a problem, it'll start to disallow PIN attempts after only a few wrong guesses. Once again, also configurable. Meanwhile, it'll always still allow a password although it'll start trying to slow you down on password attempts.
PINs are supposed to be stored on the TPM or similar secure platform module, they're not stored on the local computer storage. So, there's not some easily accessible file to do brute-forcing outside of the computer.
While consumer Windows isn't really Windows Hello for Business, the basic ideas of PIN security are the same. Here are the FAQs on that, which also go into some depth on why PINs over passwords:
I don't understand the purpose of this at all then. That sounds like I now need to remember two passwords, one with all the problems passwords always had and a second one that requires my device to be useful. I hardly think two different attack vectors are better than one attack vector security-wise, especially if one of the two former vectors is also the single latter.
I guess the idea is that it is easier to use. I just set up a PIN for Windows Hello. The PIN requirements were more strict than the password requirements, so that is hardly more convenient. Maybe this is punishment for not wanting to use a fingerprint or face scan, which remain optional. For now anyway, it feels like all I did was get my goose half cooked and end up with two passwords whereas before I had one. Even if I did give my face scan or whatever, I still need to use my password to log in to things, so my original point about two attack vectors seems to still stand.
No, because the PIN is tied to the device and becomes invalid much more quickly. A Windows password is potentially used in far more places and potentially across many devices.
> I guess the idea is that it is easier to use
For many, it really is. On some of my devices which lack biometrics my PIN is just a few numeric digits easily input with a small number pad. The PIN is backed by the TPM, which wipes it after too many failures. This is far faster and easier to type in than my full Microsoft account password, which uses most of the normal complexity concepts such as length, mixed case, letters+numbers+symbols, etc. Far easier to just type 4-6 digits (or however long you want it to be) instead of dozens of mixed-case alphanumerics and symbols.
For instance, I recently got a gaming handheld which runs Windows. I want to use my Microsoft account, but as mentioned it's a long and complex password. It seems this device doesn't have any biometrics, so it's either type in my very long password every time the screen locks on a software touch keyboard or just type in a short PIN backed by the TPM. Which seems like the better process?
> it feels like
You may feel that way, but a Windows Hello PIN is not a password. They're different things in many ways. I could continue throwing more documentation at you, but somehow I feel like continued facts aren't going to change your feelings about this.
> No, because the PIN is tied to the device and becomes invalid much more quickly. A Windows password is potentially used in far more places and potentially across many devices.
I'm talking about the password classic here. It didn't go away. It remains one of the now two methods for signing in. Now there is also a second one while the original still exists; is it more secure? I don't see how two doors is stronger than one.
All else being equal, two access methods are strictly less secure than a single access method. But is all else equal? I suspect that there are quite a few people who are willing to use a long, complicated password occasionally but who won't put up with that for passwords that are used frequently. If those people use better passwords when they can use a PIN to make routine access easy, that's a win.
You could have a strong account password which is needed for remotely accessing the PC, and a simple PIN for convenience but which only works when authenticating locally.
(I'm assuming this is a personal PC and not a corporate device, in which case this model is the same but the strong password is also used for many internal single sign on resources).
Usually you pair this with a Windows Hello camera for face sign-in so you skip the logon hassle when in front of your PC.
There are settings in the group policy editor to change the Windows Hello PIN settings, but it could depend on your Windows edition and whether you have admin rights.
For example, if I use gpedit.msc > Computer Configuration > Administrative Templates > PIN Complexity, I see:
Require digits, Require lowercase letters, Max PIN length, Min PIN length, etc.
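As an added illustration (not from the thread or from Microsoft), here is a PowerShell audit that reads back whatever those PIN Complexity policies are currently set to. It assumes the policies are persisted under HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity, that the character-class values mean 0 = allowed, 1 = required, 2 = not allowed, and that absent length values fall back to the documented defaults of 4 and 127; treat those as assumptions to verify against your build.

```powershell
# Audit the Windows Hello PIN complexity policy the comment above configures via
# gpedit.msc > Computer Configuration > Administrative Templates > System > PIN Complexity.
# Assumption: policy values live under this key (run elevated to be sure you can read it).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity'

# Assumption: character-class policies use 0 = allowed, 1 = required, 2 = not allowed.
$classMeaning = @{ 0 = 'allowed'; 1 = 'required'; 2 = 'not allowed' }
$classes = 'Digits', 'LowercaseLetters', 'UppercaseLetters', 'SpecialCharacters'

if (-not (Test-Path $policyKey)) {
    Write-Host 'No PIN complexity policy configured; Windows defaults apply (numeric PIN, minimum length 4).'
    return
}

$p = Get-ItemProperty -Path $policyKey

foreach ($c in $classes) {
    $v = $p.$c
    $text = if ($null -eq $v) { 'not configured (allowed)' } else { $classMeaning[[int]$v] }
    Write-Host ('{0,-18}: {1}' -f $c, $text)
}

# Assumption: defaults of 4 and 127 when the length policies are not set.
$min = if ($null -eq $p.MinimumPINLength) { 4 }   else { [int]$p.MinimumPINLength }
$max = if ($null -eq $p.MaximumPINLength) { 127 } else { [int]$p.MaximumPINLength }
Write-Host ('{0,-18}: {1}..{2}' -f 'PIN length', $min, $max)

# Flag the configuration a defender usually wants to catch: numeric-only PINs at the minimum
# length. The TPM lockout discussed above limits online guessing, but a short all-digit PIN is
# still the weakest setting this policy allows.
$digitsOnly = ($p.LowercaseLetters -eq 2) -and ($p.UppercaseLetters -eq 2) -and ($p.SpecialCharacters -eq 2)
if ($digitsOnly -and $min -le 4) {
    Write-Warning 'Policy permits 4-digit numeric-only PINs; consider raising MinimumPINLength.'
}
```

Read-only: the script changes nothing, so it is safe to run on a machine you merely want to inventory before editing policy.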
> You can have your computer re-challenge you for a full password on some interval. So have it force you to use your password on your first login of the day, then you can use your PIN to hop back in during the day and then have the PIN option time out after so many hours. Same with any of the Hello credential options.
That still requires making up and memorizing a PIN.
Sure, but a short numeric PIN you probably type in several times in a day is probably pretty easy to remember. And once again also far easier to type in many situations than a long complex password.
Or, better yet, use biometrics instead of the PIN.
https://learn.microsoft.com/en-us/windows/security/identity-...