Just mentionned that the possibility exists for those who are interested anyway or say the contrary. I've never said that's a good idea to enable the PIN complexity but I agree with you Entegy, a complex PIN will make adoption of Windows Hello difficult and also a risk that users put the same complex PIN code as the domain password. Could be even more than two if users have more than Consequence is we have to accept Windows Hello users have to remember at least two passwords. PIN code is safer because only valid for the local machineĬonclusion: You should not disable PIN code, and I think that why for security reasons MS doesn't allow that. This is exactly conflicting with the primary goal of Windows Hello which is to avoid the use of the AD password (except during provisioning). (i.e just disable your sensor an/or cam device) in order to force you to use your keyboard and steal your credentials: user will fallback typing the AD password also.
![mk typist pin mk typist pin](https://spainae.es/shopspa/1148-large_default/mk-type-relays-8-and-11-pin.jpg)
Now for some reason, a user can't use biometric, indeed it's impossible to ensure that a biometric will always recognize a user contrary to a (complex) PIN code you will be always be able to type: so your user will have to type theĪnother possibility is an attacker who takes your biometrics devices down Imagine Windows Hello allows disabled PIN code, you have disabled it and users can only use biometrics or AD password. Please, allow us to use the MS Account password instead of the PIN! The PIN is useless. It's not? Because if someone's able to breach the MS cloud security, then then don't really need access to my device, as they already have access to all the sensitive info in the cloud. If the only other place where the MS Account password is stored is the MS cloud, then it should be completely safe. You can store the MS Account password there as well. Storing the PIN inside the TPM is no argument.
Mk typist pin full#
The PIN, as it is defined now, is much easier to steal than a full password - for example when a hidden camera is watching you - while you And I am very disappointed thanks to this enforced policy. Scanner on the type cover, upgrading from my previous SP3.
![mk typist pin mk typist pin](https://mechanicalkeyboards.com/shop/images/products/large_DKON1861ST-USPDAZT1_3.png)
Recently I bought Surface Pro 4 with Hello facial recognition and a fingerprint I take security very seriously - two factor authentication is the minimum standard for me, I use VPN everywhere, I have TPM chips and full encryption enabled on all my devices.
Mk typist pin windows 10#
Especially since the PIN can only be a numeric sequence, as Windows 10 won't let you use anything else than numbers. Nobody is going to convince me, that a simple PIN is more secure than a complex password.