#22742 Disable PINs?
Resolved
Created Jan 31, 2023, 4:33 PM
Resolved Feb 2, 2023, 12:02 AM
System (internal)
Jan 31, 2023, 4:33 PM
Check-in (internal)
Jan 31, 2023, 4:33 PM
Hey Peet.

I’ve got a question for you about log-in access. I’m wondering if my computer is set up correctly? It is allowing me to log into the computer under my user name with only my pin, rather than the full, long pw. I’m guessing that is something we should change? And can we check that the other users are required to use their PW, rather than a pin?

Call me if you want to chat about it. I’ve got meetings in the morning today, but will be around all afternoon and available to chat.

Thx,
Jill

Jill M. Tripp, CFP®
Stewart & Associates, PLLC
27 Fort Missoula Rd., Suite #1
Missoula, MT 59804
Ph: 406.541.3733
Fax: 406.541.3734
Artichoke Support - Peet (internal)
Feb 1, 2023, 5:12 PM
Using a local PIN is more secure than using a password locally. They help protect your online M365 password. With a PIN you can only access your physical computer and must have physical access to the computer to do so.

Some of the reasons PINs are more secure:

- tied only to specific machines
- require physical access to the machine
- have anti-brute force measures enabled and are disabled after X attempts
- enable users to not enter their online Microsoft passwords

Was there a specific recommendation to not use PINs? If so, was there an explanation of why it would be considered more secure?

Thanks.
Peet
customer-reply (internal)
Feb 1, 2023, 9:13 PM
So, long story short, the only risk is someone stealing my computer and managing to figure out my PIN before it gets disabled? What about Sherie’s computer that sits on her desk all the time…do you see that as a risk?

Thanks, Peet! Just want to make sure I understand.

JT

From: Artichoke Support - Peet <[email protected]>
Sent: Wednesday, February 1, 2023 10:12 AM
To: Jill Tripp <[email protected]>
Subject: Disable PINs? (message id: 64269163)
Artichoke Support - Peet (internal)
Feb 1, 2023, 9:46 PM
What I've not made clear here is that there are controls on the computer that stop the PIN from being attempted repeatedly. If you enter the PIN incorrectly too many times in too short of a period, the system slows down guessing by requiring random on-screen codes to work. If entered incorrectly 5 times, the computer requires a restart. After restart, if it is entered incorrectly a few more times, the PIN and biometrics are disabled until the user enters the correct user password.

Since all this is tied to physically entering in the machine, and you all have 7-10 digit PINs, it's virtually impossible to brute force a PIN.

What's gained is not typing your login password, which is tied to your 365 account. Of course, we have 2FA enabled, but by not typing your password at all you're not putting yourself in a position where even malware with keylogging can capture your password. That's an extreme illustration, but hopefully it helps the explanation.

Here's Microsoft's explanation: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password

The base takeaway is that a PIN > Online Password. (But ignoring the fact that the PIN is better than the online password, the other takeaway here is that a PIN is required for Biometric authentication on WIN10/WIN11.)

Clear as mud?

Cheers.
Peet
customer-reply (internal)
Feb 1, 2023, 9:49 PM
Yes! That does help. Thanks for your patience with me. 😉

From: Artichoke Support - Peet <[email protected]>
Sent: Wednesday, February 1, 2023 2:47 PM
To: Jill Tripp <[email protected]>
Subject: Disable PINs? (message id: 64269163)
Artichoke Support - Peet (internal)
Feb 2, 2023, 12:02 AM
Not a problem. Happy to help. Also know that when Windows Hello biometrics and PINs came out, it took me more than a bit to wrap my head around why PINs were a GoodThing™.

Cheers.
Peet