Windows 10 - logging in with a PIN

Windows 10 allows you to log in with a PIN instead of a password.  In fact, you’re required to set up a PIN before you can set up Windows Hello to log in with a fingerprint or facial recognition.

A PIN is four or more numbers, exactly like the PIN for your debit card. Windows 10 starts immediately when you tap the last number – no need to hit Enter or click a button. You’ll be logged in faster than if you typed a long password.

Here’s the paradox: using a PIN is safer than using a password. That’s an interesting story that I’ll tell you down below. Let’s start with the rules for setting up a PIN to log into Windows.

 


How to set up a PIN in Windows 10

Windows 10 - setting up a PIN

Set up a PIN in Windows 10 by clicking on Start / Settings / Accounts / Sign-in options.

The PIN has to be at least four numbers. Type it in twice. Done! You can sign in to that computer with a PIN.

Strongly recommended for security:

•   Choose a PIN that has 6 numbers or more. (A phone number that you’ll remember – not yours – is a good choice.)

•   Use a different PIN on each computer.

•   Don’t use your debit card PIN.

Windows 10 - sign-in options

You’re not restricted to a PIN after you set it up. Click on Sign-in options to choose any of the methods set up on the computer. In the picture above that’s (1) “picture password” (drawing a pattern on a touchscreen), (2) password, (3) PIN, or (4) fingerprint. The computer will remember the one you choose and offer it as the default next time, but you can always pick whichever one you want.

 


Why a PIN is safer than a password

Windows 10 PIN - do not use 1234!

You probably log into your Windows 10 computer with your personal Microsoft account. That has lots of advantages. Many Windows settings are synced – wallpaper, Internet Explorer favorites, and more. You have access to personal files in OneDrive. Your OneNote notebooks are synced through that account. Skype runs through your personal Microsoft account. Your purchases from the Windows Store are tied to that account. If you use Outlook.com for email, it’s set up automatically in the Windows 10 mail app. It might be the account tied to your Office Home subscription.

But there is one side effect of that convenience. If someone compromises the password for your Microsoft account, they can log into all the computers tied to that account, and they have access to everything online tied to that Microsoft account. It’s not just a login password any more. It’s the entry into your devices, your documents, and the credit card on file at Microsoft.

A PIN only unlocks the device it’s physically set up on. The PIN is not synced with Microsoft. It’s powerfully encrypted and stored on a tamper-resistant TPM chip that is deeply armored against attacks. When you enter the correct PIN, the TPM chip uses more encryption tricks to send an authentication key to Microsoft and log you into your account. The PIN Is never transmitted online; it never leaves the computer. There’s more information from Microsoft in this article about PIN security.

Most password hacks are carried out by remote hackers. A PIN can only be used by someone with physical possession of the computer. That’s a significant security advantage. If malware on your computer is monitoring your keystrokes and sending them back to a bad guy in Pottsylvania, Boris Badenov might learn your PIN but he can’t do anything with it.

That’s not the only protection built into the PIN. Theoretically it seems easier to guess a PIN than a password, right? That’s why Windows 10 only allows four incorrect attempts to enter a PIN. After four tries, the system requires a character string to be entered (A1B2C3) to ensure that the system is not under attack by an automated bot. After one more incorrect attempt, the computer has to be restarted. And if that sequence is repeated again, the PIN is blocked and can no longer be used.

The effect is that using a PIN actually provides more security than even the most complex password. If someone next to you at Starbucks watches you type in your PIN, they still can’t do anything unless they also steal your laptop. Malware that is logging your keystrokes doesn’t care how complex your password is. Your online accounts are at risk if someone gets that complex password, but not if they get your PIN.

Now the suggestions above for security make more sense.

•   It’s pretty easy for someone next to you to watch you and memorize a four digit PIN. Make it six digits or more. Choose something you’ll remember but someone else won’t guess. Oh, and it should go without saying – be smart and don’t choose 1234 or something like it, eh? (Three quarter of a million people used 123456 for their LinkedIn password. Don’t call me if you get hacked because you had a stupid password. I will berate you and make you feel small.)

•   A big reason that a PIN increases your security is that it only unlocks a single device. If you use the same PIN for your debit card and your phone and your computer, that misses the point. Figure out a system so the PINs are different!

Now go set up a PIN on your Windows 10 computers. This is one of those rare and wonderful tips that makes your life easier. Put it to good use. And be careful out there!

Share This