In addition to biometrics (Face ID and fingerprint), Windows Hello provides the option to set up a PIN to log in to the computer, instead of using the actual password that is linked to your Microsoft account.
In fact, the default setting in Windows is to hide the password login option altogether; this appears to have irked a section of Windows users, who have not been shy in expressing their displeasure and objections in user forums.
Hence, let us explore whether the Windows Hello PIN is inherently more secure than a regular password, which millions of PC users have become accustomed to using.
Password Vs Windows Hello PIN
A major difference between a password and a Windows Hello PIN is that the password is stored on Microsoft’s cloud servers, while the Windows Hello PIN is stored directly on the device itself and never leaves it.
This means that anyone who manages to steal your PIN cannot do anything with it unless they also gain access to the particular device to which the PIN is linked. In the case of a password, anyone who knows it can gain access to your Microsoft account, OneDrive, Xbox, Microsoft 365 and Outlook/Hotmail accounts from any device connected to the Internet.
However, Windows Hello is not just about using a PIN instead of a password; it is built on a completely different security model, based on eliminating shared secrets and using hardware-bound cryptography with an anti-phishing, anti-hacking design to provide a much higher level of security.
1. Eliminates Shared Secrets
When you log in to the computer using a Microsoft account, you are making use of shared secrets (email address and password), which are known to both you and Microsoft.
The problem with “shared secrets” is that they can be stolen, guessed, phished, intercepted and used across sites that they are linked to.
Windows Hello eliminates shared secrets by using an asymmetric key pair: a public key (stored with Microsoft) and a private key (stored on the device) to authenticate your login to Windows.
2. PIN is Protected by Security Chip
The core protection of the PIN on a Windows computer is provided by the TPM (Trusted Platform Module), a hardware-bound security chip designed to protect its data from being guessed, phished, hacked or extracted via brute force or any other method.
In fact, the TPM is much more than just a hardware-bound security chip. It is a self-contained security subsystem with its own processor, memory and firmware, which allows it to securely hold private keys and enforce strict access controls that prevent Windows or any other software from reading or extracting the private keys and other sensitive data stored in it.
3. PIN Uses a Unique Authentication Process
When a Windows Hello PIN is set up, Windows requests the TPM to generate an asymmetric public-private key pair. The private key remains within the device (hardware-bound) and the public key is sent to Microsoft to be linked to your Microsoft account.
When you enter the PIN to log in, Windows unlocks the TPM and initiates a sign-in request to Microsoft using your Windows Hello credential ID (not the PIN). Microsoft then sends back a cryptographic challenge to Windows, which can only be signed by the holder of the private key.
Hence, Windows passes the challenge from Microsoft to the TPM, which uses the private key to sign it; Windows then sends the signed challenge to Microsoft, which verifies it using the public key linked to your Microsoft account.
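The enrolment and sign-in exchange described above, as an added illustrative example and not Microsoft's own implementation: Ed25519 stands in for the TPM's key algorithm, a SHA-256 hash stands in for the TPM's PIN gating, and the credential ID and PIN values are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// TPM models the hardware-bound key holder: the private key never leaves it.
type TPM struct {
	priv    ed25519.PrivateKey
	pinHash [32]byte // only a hash of the PIN is kept; the PIN is never transmitted
}

// Enroll is the set-up step: the TPM makes the key pair and releases only the public half.
func Enroll(pin string) (*TPM, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &TPM{priv: priv, pinHash: sha256.Sum256([]byte(pin))}, pub, nil
}

// Sign signs the challenge only if the PIN unlocks the key (constant-time compare).
func (t *TPM) Sign(pin string, challenge []byte) ([]byte, error) {
	h := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(h[:], t.pinHash[:]) != 1 {
		return nil, errors.New("tpm: wrong PIN, private key stays locked")
	}
	return ed25519.Sign(t.priv, challenge), nil
}

// Server holds only public keys, indexed by Windows Hello credential ID.
type Server map[string]ed25519.PublicKey

// Challenge issues 32 fresh random bytes per sign-in, so an old signature cannot be replayed.
func (s Server) Challenge() []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read does not fail on supported platforms
	return c
}

// Verify checks the signed challenge against the registered public key.
func (s Server) Verify(credID string, challenge, sig []byte) bool {
	pub, ok := s[credID]
	return ok && ed25519.Verify(pub, challenge, sig)
}

// SignIn runs the exchange: credential ID up, challenge down, TPM signs, server verifies.
func SignIn(s Server, t *TPM, credID, pin string) bool {
	ch := s.Challenge()
	sig, err := t.Sign(pin, ch)
	return err == nil && s.Verify(credID, ch, sig)
}
```

The same PIN entered on a second, unenrolled device produces a different key pair, so the server rejects it; this is the property the article relies on when it says a stolen PIN is useless without the device.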
4. PIN Can be As Complex As Password
When it comes to PINs, users automatically assume a 4-digit numeric PIN, which makes it look inherently less secure than a complex word, phrase or alphanumeric password.
However, the true picture is that a Windows Hello PIN can be made as complex as any password by enabling the option to use letters and characters in the PIN, as described in this guide: How to Use Password Instead Of PIN to Login to Windows.
Main Objections to Use of PIN in Windows
The main objections to the use of PIN by users of Windows computers focus on the requirement to manage an additional credential, the inability to use the PIN across multiple devices and the way Microsoft is trying to make the PIN mandatory.
1. Additional Credential
Since the PIN does not replace the password, it becomes an additional credential that users need to remember, in addition to the actual password linked to their Microsoft accounts.
This requirement becomes challenging when users, concerned that a simple four-digit numeric PIN is easy to guess, feel the need to create a complex PIN comprising letters, numbers and special characters.
2. Privacy & Security Risks
Compared to passwords, a simple four-digit PIN can easily be observed and remembered by people nearby in open-plan offices and coffee shops, or while using the computer on a bus, train or plane.
When a device is stolen, a simple four-digit numeric PIN should be easier to guess than a long randomized password.
3. Device Limitation
Unlike a password, which can be used on any device, the PIN is linked to the device on which it was created and cannot be used on any other device.
While this can be described as a security feature of the PIN, it is seen as a limitation by those who are opposed to it.
4. Mandatory Enrolment
As mentioned above, the default setting in Windows is to hide the password login option and prompt users to log in using Windows Hello-supported credentials like PIN, Face ID and fingerprint.
Also, Windows is known to force users into creating a PIN when they try to set up Windows Hello features like Face ID and fingerprint recognition.
5. PIN-based Errors
A PIN-based login system can fail if the Ngc folder (which holds the encrypted PIN data) or TPM-related system files get corrupted, or if the Windows Hello services and sign-in cache get damaged.
While a password-based login system can also fail, the chances of a PIN-based login system failing are greater because more OS components are involved in the process.
PIN vs Password Conclusion
While users are justified in objecting to the way Microsoft appears to be pushing the PIN over the password, it can also be argued that Microsoft has simply chosen to make the safer option (PIN) the default in its Windows operating system.
Those who do not want to use a PIN can disable the “only allow Windows Hello sign-in for Microsoft accounts” option, which re-enables the password login option for Microsoft accounts.
As far as security is concerned, it can be clearly seen that the Windows Hello PIN uses a unique way to authenticate users, one that keeps your Microsoft account password out of the login process entirely and so removes the possibility of it being compromised through that process.