
How Can a PIN Be As Secure as a Password?

I get that the whole sign-in-with-a-PIN thing in Windows 10 is convenient, but how can my 4-digit PIN possibly be as secure as my Microsoft account sign-in password?

It can be as secure – perhaps even more secure – because it’s actually used in a slightly different way.

You can also choose to increase its security by using some of the same techniques we use for passwords in general.


Scope: the big difference

The single biggest difference between using a PIN and a Microsoft account password to sign in to your machine is that the PIN only works on the specific machine for which you set it up.

What that means is that even if someone knows your PIN, the only thing they’ll have immediate access to is your machine. That can still be a problem, and it could lead to bigger problems, depending on how securely you treat your machine and the information on it.

But ultimately it falls into the same bucket I call “physical security”. If your machine isn’t physically secure, it’s not secure. With or without your PIN to sign in, anyone who has access to your machine can use any number of techniques to get at its contents.

The only time an “easy” or automatic sign-in puts you at additional risk is if you have saved log-ins or saved passwords, or if you use BitLocker to encrypt your data. In those cases, being able to sign in could grant access to that information …

… but it all still requires physical access to the machine.

Usage: the unexpected side effect

One of the concerns many people have is a fear of keyloggers.

Keyloggers are a form of malware that, when installed on your machine, secretly record your keystrokes and send the recording to hackers elsewhere on the internet. Sign in to a website, for example, and the keystroke logger records both your username and password. Only something like multi-factor authentication can save your account from being hacked in a case like that.

They can record a PIN sign-in all they like, and it won’t get them anything. The PIN only works on your machine. Even if you use it to log in to your Microsoft account on your machine, that PIN is completely useless everywhere else.

There’s an argument that using a PIN is actually more secure, since you never actually type your Microsoft account password into your machine. Keyloggers can’t log what you never enter.

Strength: treat it like a password

If a PIN still makes you uncomfortable, consider treating it like a password.

The best way to make a password more secure? Make it longer.

There’s nothing that says you have to use your 4-digit ATM PIN as your Windows sign-in PIN. Use something longer … much longer, if you like. Just as adding a character to your regular password makes it exponentially stronger, the same applies to your PIN. Just add digits.

You may find that even lengthy digit-only “passwords” are significantly easier to type than an equivalent password.
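To make the “just add digits” advice concrete, here is an added example (not code from the article) that computes the number of possible secrets for a PIN or password of a given length and works out how many digits a numeric-only PIN needs to match a password drawn from a larger alphabet. The alphabet sizes (26 lowercase letters, 62 letters-plus-digits) and the guess rate used in the timing helper are constructed assumptions for illustration, not figures from the article or from Windows.

```python
"""Keyspace comparison for numeric PINs versus character passwords.

Added illustration; alphabet sizes and guess rates below are assumptions
chosen for the example, not properties of any particular sign-in system.
"""
import math

DIGITS = 10          # 0-9
LOWERCASE = 26       # a-z (assumed alphabet for a "simple" password)
ALNUM_MIXED = 62     # a-z, A-Z, 0-9 (assumed alphabet for a stronger one)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of `length` symbols over an alphabet.

    Each added symbol multiplies the count by the alphabet size, which is
    why strength grows exponentially in length rather than linearly.
    """
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return alphabet_size ** length


def growth_from_extra_digits(extra_digits: int) -> int:
    """How many times larger a numeric PIN's keyspace becomes when
    `extra_digits` digits are appended (10, 100, 1000, ...)."""
    return DIGITS ** extra_digits


def pin_digits_to_match(alphabet_size: int, length: int) -> int:
    """Smallest all-digit PIN length whose keyspace is at least as large as
    a password of `length` characters over `alphabet_size` symbols."""
    target = keyspace(alphabet_size, length)
    # ceil(log10(target)) would do, but an integer loop avoids float rounding.
    digits = 1
    while keyspace(DIGITS, digits) < target:
        digits += 1
    return digits


def worst_case_guess_seconds(alphabet_size: int, length: int,
                             guesses_per_second: float) -> float:
    """Seconds to exhaust the whole keyspace at a constant guess rate.

    The rate is an assumption; without any lockout or throttling an attacker
    at the keyboard (or a script) could try at whatever speed the system allows.
    """
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return keyspace(alphabet_size, length) / guesses_per_second


def bits_of_entropy(alphabet_size: int, length: int) -> float:
    """Equivalent strength in bits, assuming every secret is equally likely."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed comparison: a 4-digit PIN versus two 8-character passwords.
    print("4-digit PIN keyspace:", keyspace(DIGITS, 4))
    print("8-char lowercase keyspace:", keyspace(LOWERCASE, 8))
    print("8-char letters+digits keyspace:", keyspace(ALNUM_MIXED, 8))
    print("digits needed to match 8 lowercase chars:",
          pin_digits_to_match(LOWERCASE, 8))
    print("digits needed to match 8 letters+digits:",
          pin_digits_to_match(ALNUM_MIXED, 8))
    # Assumed rate of one guess per second (someone typing at the keyboard).
    print("seconds to exhaust a 4-digit PIN at 1 guess/s:",
          worst_case_guess_seconds(DIGITS, 4, 1.0))
    print("seconds to exhaust a 12-digit PIN at 1 guess/s:",
          worst_case_guess_seconds(DIGITS, 12, 1.0))
```

The useful takeaway is the `pin_digits_to_match` result: a numeric PIN only needs a few more digits to cover the same search space as a short password drawn from a bigger alphabet, and because each digit multiplies the space by ten, the gap closes quickly. The timing helper makes the other half of the picture visible: a short PIN with no lockout is exhausted in hours at keyboard speed, so length, not symbol variety, is what buys you time.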

Local accounts: PINs are convenient

Using a PIN is, I believe, intended as a way to make signing in with your Microsoft account more convenient, and, as we’ve seen, perhaps even a little more secure (by not having to type in your actual account password).

Signing in with a local account is similar to signing in using a PIN in one regard: that local account password is valid only on that machine – it’s local. It doesn’t represent any additional vulnerability beyond physical access to the computer itself.

The downside, of course, is that signing in with a local account doesn’t get you any of the benefits of signing in with a Microsoft account, like synchronized settings across machines, integration with the Microsoft Store, and several Microsoft apps and applications. Nonetheless, it’s a choice some people make for a variety of reasons.

And, yes, you can sign in to a local account using a PIN as well, though the benefit is primarily about convenience.


19 comments on “How Can a PIN Be As Secure as a Password?”

  1. 4 digit pins are quite easy to sniff out as there really are not very many combinations of 4 numbers, however passwords are better because there are 26 letters in the alphabet plus a choice of capitals and symbols too. It would take a hacker much longer to sniff these out.

    • Did you read the article? Hackers don’t have the same level of access for a PIN as they do for a traditional password. And the article directly addresses the steps you can take to make a PIN more secure.

  2. My biggest problem with the W10 pin is that there is no locking upon multiple failed attempts and it opens immediately when the correct pin is entered. For example, if you have the very uncommon and highly secure pin “1234”, someone can sit at the computer and keep trying. So if they tried the even more secure and slightly less common “123456”, they would get in after the 4th digit was entered. So, Leo, you are correct that to make it more secure, add more digits and don’t use something easy to guess.

  3. As an aside on a separate technical matter, and taking absolutely nothing away from the arguments, but purely to correct the use of a specific word, adding an extra digit to a PIN does not make it “exponentially” safer. It makes it 10 times safer, and adding a second extra digit makes that now safer 5-digit PIN 10 times safer yet. An exponentially safer PIN would get safer at an even faster rate.

    • Actually adding 1 digit makes it 10 times safer. 2 digits makes it 100 times (10^2) safer. 3 digits makes it 1000 (10^3) times safer. Maybe I should have said “geometrically” (I don’t think so) but it’s important that it not be thought of as linear. 🙂

  4. I’ve been computing for a decade, but this left me puzzled. I’m not alone in this I see. How does a PIN, (regardless of length), secure my local computer if I don’t enter it with keystrokes?
    Please re-visit this Leo and speak to those of us who need it on a bit more pedestrian level. Sorry about the density, but if I don’t get it I usually have company.
    Thanks

    • Yeah, this seems somewhat nonsensical to me. If a keylogger is present on your system, it can log both the PIN and any passwords that you subsequently enter, including your Microsoft password (if you enter it). Leo’s contention would seem to be that you probably will not enter your Microsoft Account password after logging in with your PIN, so it will not be captured. While that may be true, any other passwords – banking, email, etc. – that you enter will be captured, and those passwords are likely more important than the one protecting your Microsoft Account.

      All in all, I think keyloggers are pretty irrelevant to this discussion.

  5. “The single biggest difference between using a PIN and a Microsoft account password to sign in to your machine is that the PIN only works on the specific machine for which you set it up.” – I’m somewhat puzzled. How’s a PIN tied to a device on a non-TPM enabled system?

  6. Hi Leo, I just wanted to add a comment about using your pin for sign in. You said you would lose synchronization across machines, but that didn’t happen with mine. I use a laptop and pin at work, and a desktop and password at home. I changed the desktop wallpaper on my home computer and the next day when I went to work, it was on the laptop when I fired it up. Kind of confused and surprised me since I really didn’t want it there.

  7. Leo, you did a valiantly great job explaining why MS decided to use a pin. But, I’ll present a perhaps cynical alternative rationale. This is the type of goof that happens all too often in software, or for that matter in technical designs: Someone comes up with what they think is a great idea, usually trying to “fix” what ain’t broken. Then they discover that there is a hole (i.e. problem) with the design, so instead of undoing the problem, they tack on a patch to the problem and somehow rationalize it. MS wanted to tie in the MS account to all computer log-ins for their marketing, so in Windows 10 they said you must use your MS account rather than a machine password. Then they discovered that this scheme wasn’t so secure – specifically, not secure for MS. So they invented the pin concept to protect MS accounts from being hacked, but not lose the association between a computer and the MS account. If machine login security was a real concern, then they could have just as easily tied in your machine password to the hardware signature.

    What’s curious is that the pin doesn’t have to be all numbers. It can be configured to use letters and special characters. In other words, the same concept as the good old machine password, but now it’s tied to your hardware signature and indirectly to your MS account.

    Of course, as Leo already said, if someone has physical access to your machine, none of this matters anyway.

  8. I originally set up the machines in my house with MS account logins and a Home Group. We found that the logins were a nuisance because we use long passwords that aren’t easy to type. So we switched to PINs and the Home Group quit working.

    Has anybody else had this problem?
