Windows Pin Security: 4 digits strong enough?

All of us know that the recommended password length is increasing all the time. Currently a complex password is recommended to be 14 characters or more. Instead of a long and complex password, you can also login using Windows Pin Security. The Windows 10 Pin can be as short as 4 digits. Pin is considered to be BETTER than a password. However, the pin looks fairly weak. Is it not?

On the face of it, yes. PIN appears to be grossly inadequate as a protection mechanism. But it is not. Obviously, Microsoft must have thought about it! How is the Windows Pin Security strong enough? Here are the reasons:

Why Windows Pin Security is better than passwords?

  1. PIN works only on that device. Therefore, even if someone knows your PIN, they need physical access to your PC.
  2. PIN is not visible on the network (Wi-Fi or network cable). Password can be stolen just by monitoring your Wi-Fi. PIN is typed locally on the PC. No chance of it being visible on the network.
  3. Many laptops have a special hardware chip for encrypting stuff. Using this chip to manage the PIN makes it impossible for hackers to find the pin. (This chip is called TPM. Never mind what it means.
  4. If someone steals the laptop, they have to guess the pin. As you would expect, there is a lockout setting with TPM chips. If the laptop does not have TPM, you can still use BitLocker and apply a group policy setting to limit failed logins.
  5. It is easy to get your passwords using various methods. Let us not go into details of what these methods are. What you need to remember is never to click on a random link in email or browser and never reveal the password to anyone. (period).
    If PIN is stolen from you, using the same methods which work with passwords, you are still safe because of the 4 reasons listed above.

If you forget your own pin, you must login using another method and reset the pin. Also note that if you enable biometric login (face recognition or fingerprint), creating a PIN is mandatory. Why so? Because, for whatever reason if biometric does not work, you need an equally secure alternative to login (login / password is less secure).  That is why you also need to set up a PIN. These new methods of secure login are called Windows Hello.

In short, if you have a choice, always use PIN (and biometric) instead of username and password with Windows 10.

Windows Pin entry button

Comments? Suggestions? Wish list?