Windows Logon: Which Is Safer, Password or PIN?

PIN Code Makes Windows 10 Insecure!

Learn why Windows Defender is wrong to flag an account as insecure when you do not use a PIN.

Episode #11-39 released on May 25, 2021


It is hard to believe that Microsoft thinks your Windows 10 installation needs something better than a password. The only thing better than a password would be two-factor authentication. However, Microsoft has opted to force users who cannot use Windows Hello fingerprint or facial recognition to default to a PIN code, and if you do not use an insecure PIN, Windows Defender will tell you that you are insecure. Today, learn why that is a problem.

A PIN code is typically 4 to 6 digits long and contains only numbers, and that is an issue. A 4-digit PIN has only 10,000 possibilities, and a 6-digit PIN has only 1 million. If you had a code made up of lower-case and upper-case letters and numbers, there would already be 14,776,336 possibilities with just 4 characters. However, passwords usually have 8 characters or more.

An 8-character password, which is usually the minimum length, is considered weak in itself. Even so, there are 218,340,105,584,896 possibilities when all upper-case and lower-case letters and all digits are available. Adding special characters would increase the total further, and the more possibilities a password has, the harder it is to crack.

Which brings us to the ultimate issue with Windows. On most well-built websites, the number of chances given to log in is significantly lower than the number given by Windows. If Windows tries to stop you, you only need to restart your computer to get back to the login prompt, that is, unless you have actually set up Windows to enforce a maximum number of login attempts, which is typically only done in a business setting. This means that if someone stole your laptop and it was encrypted, it would only be as safe as the means you used to secure it. If you use a long password, it will take the attackers a lot longer than if you used a PIN code.
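The keyspace figures and the attempt-limit point above can be put side by side. The following Python sketch is an added example, not material from the episode: it recomputes the four keyspaces from the text and the worst-case time to try every candidate with and without an attempt limit. The rate of one guess per second, the `LockoutPolicy` model and the 10-attempt, 30-minute values are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional

DIGITS = 10                # 0-9
ALNUM = 26 + 26 + 10       # lower case, upper case and digits, as in the text

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of exactly `length` symbols."""
    return alphabet_size ** length

@dataclass(frozen=True)
class LockoutPolicy:       # hypothetical model of an attempt limit
    threshold: int         # failed attempts allowed before the account locks
    lockout_minutes: int   # how long each lockout lasts

def worst_case_days(space: int, policy: Optional[LockoutPolicy],
                    seconds_per_guess: float = 1.0) -> float:
    """Days needed to try every candidate at the logon prompt."""
    total = space * seconds_per_guess
    if policy is not None:
        # One lockout after each full batch of failures, none after the last batch.
        lockouts = math.ceil(space / policy.threshold) - 1
        total += lockouts * policy.lockout_minutes * 60
    return total / 86_400

def compare(policy: LockoutPolicy) -> list:
    """Rows of (label, keyspace, days without limit, days with limit)."""
    cases = [("4-digit PIN", DIGITS, 4), ("6-digit PIN", DIGITS, 6),
             ("4-char alphanumeric", ALNUM, 4), ("8-char alphanumeric", ALNUM, 8)]
    rows = []
    for label, alphabet, length in cases:
        space = keyspace(alphabet, length)
        rows.append((label, space, worst_case_days(space, None),
                     worst_case_days(space, policy)))
    return rows

if __name__ == "__main__":
    # Assumed policy: 10 failed attempts, then a 30-minute lockout.
    for label, space, free, limited in compare(LockoutPolicy(10, 30)):
        print(f"{label:22} {space:>22,} {free:>18,.1f} d {limited:>20,.1f} d")
```

Under these assumptions a 4-digit PIN falls in under three hours with no attempt limit and takes about three weeks with one, which is why both the length of the secret and the attempt limit matter.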

My ruling on Microsoft is simple: too many decisions are taken to give a false sense of security, and too many corners are cut on security itself.

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net
