|
Doesn't look like that on my computer.
Oddly enough, my old computer, same os, same domain, doesn't have this crap.
Or at least not enabled by default and not possible to switch off.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
Removing it from login could be done using local policy.
Now the mail client want's to force me to use a pin for my hotmail account.
Idiots!
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
Now you know the real meaning of the term AI, it's turning into ai-ai-ajaijai!
|
|
|
|
|
Oh - sorry. I thought when you said "new laptop" you meant plastic surgery on your thighs. Or, at least a new pair of pants.
My mistake.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
I figured he meant a cat.
Real programmers use butterflies
|
|
|
|
|
The "Hello" works fine on my Surface: I turn it on, it sees me, it unlocks. Takes no time or effort, and I'm unlikely to leave my face behind ...
And as for the pin ... is it more secure! Logging In With A PIN Is Safer Than A Password | Bruceb Consulting[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
caveat with that logic, maybe?
I do not synch my devices - I like the security of lonely isolation. Getting into any of them does just that - gets you into that device and no more.
No fingerprint or facial recognition enabled devices.
Maybe I missed something on that reading.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Jörgen Andersson wrote: Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*.
*I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop.
So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it.
Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
|
|
|
|
|
Sooo... they can't send it to you or set a new one if you forget it?
|
|
|
|
|
No. You have to log in using another method - password for example - and then reset the pin and select a new one.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
I don't believe they can. Actually, someone from work (on Network team) had mentioned this about one of their older family members. She had forgot the PIN and forgot her original password. All you can do is reset your password after that.
|
|
|
|
|
raddevus wrote: Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*.
Unless, of course, you've used the same PIN on all the machines. Which most people will be doing. ("Thank God, I don't have to remember 20-character passwords that need to be changed every 60 days! These four digits will be good forever!")
|
|
|
|
|
GenJerDan wrote: "Thank God, I don't have to remember 20-character passwords that need to be changed every 60 days! These four digits will be good forever!")
well, yeah, there's that. And that does happen. It seems that the PIN basically unlocks a process that then submits the associated account's password to the sign on.
|
|
|
|
|
True and that's why my company doesn't allow using pins. It should be fine for your home computers unless you think someone will still your stuff In that case, all bets are off.
|
|
|
|
|
But to log you on to the domain your windows password hash still needs to be sent over the network to the server.
The only thing they have managed is to lower the local security.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
Jörgen Andersson wrote: The only thing they have managed is to lower the local security.
Well, yeah, but again, it's about the fact that the person is then has physical control over the device. If they have that, then maybe you're toast anyways?? It's all how you look at it.
|
|
|
|
|
The way I look at it is that they have managed to create the extreme opposite of Single Sign On.
And as we know, the weakest link is the users.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
Okay, I do UNDERSTAND using a PIN, and I thought the same thing at first.
Then, I started working on a TABLET for a product I am creating.
You know what REALLY sucks. Typing a complicated password with a virtual keyboard and a touch screen!
You know how much easier it is to have a PIN. And here is an interesting side effect. Every device uses a different user login, but is programmed with the same pin. The users have to have the device in hand, and know the pin. But one pin unlocks all devices to use the software. If I remotely CHANGE the password, then the PIN SHOULD FAIL to log you in! (Because it saves the cached, hash, as I understand it).
From a management standpoint of multiple, shared devices. I am sold. If you lose a device, I assume you change your password, and the PIN becomes useless across all of your devices. If that is the case, then it's actually not a bad compromise. Especially given that you need physical access to the device.
But the Auto-Install Hello and Cortana, etc. Plus the COUNTLESS HOURS to run windows update... I am starting to miss MS-DOS 5.0 a LOT. LOL.
|
|
|
|
|
So, give me a choice.
Wrong is evil and must be defeated. - Jeff Ello
Never stop dreaming - Freddie Kruger
|
|
|
|
|
The choice WAS there!
You can turn off the pin feature.
I did for a while...
Or did that take that away?
[It WAS on the screen where you reset the pin]
I say this, after I just witnessed the 2004 upgrade CHANGING the virtual keyboard, making the keys smaller by adding a USELESS Margin, and removing 2 options of keyboard that we were USING. It ruined 3 teams for an entire day, re-acclimating to a new virtual keyboard. I could strangle someone at MSFT!
|
|
|
|
|
I never looked into it - thanks for point out the PIN is stored locally.
So instead of having to remember a single long, complex password to log into multiple machines, you have to remember a different PIN for each device.
And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value.
Doesn't seem like much of a win to me.
|
|
|
|
|
dandy72 wrote: And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value.
Doesn't seem like much of a win to me. |
But if you use it just for your laptop -- or vice versa (not your desktop also) then it might be helpful. I don't know.
It's probably good for your grandma you can set her password to be extremely strong (64 characters) and then only require her to input a 4 digit PIN. Then whenever she gets entirely locked out, you reset her account password.
|
|
|
|
|
I use the same PIN for both laptop and desktop.
|
|
|
|
|
I am so used to pin codes being non-static that I had to think for a few seconds to understand your problem. About 20 years ago, the banks developed a common system using a fob-like "code chip": It generates a new 6-digit pin code every time you push the button. This code is typed is sent to the web site, which passes it on to a central server for verification.
I believe (or, call it a "qualified guess") that the fob has a built-in clock, and the 6-digit code is a hash of the current time, the hash (/encryption) key being different for each fob. It cannot be accessed; trying to open the fob will destroy it. The verification server is the only one knowing the key: It can hash the current time with the same way key as the fob did, and check if the PIN received is identical to what it calculates itself.
This relies on the verification server knowing which fob generated the pin. For banking services, you log in by you unique "personal number" (roughly similar to the US Social Security Number). So, a given fob is personal; there is a strict one-to-one relationship between fob and person. (Except that nowadays, you can use an app on your smartphone as a fob replacement, so you can have both
a "physical" and a smartphone fob, i.e. one-to-two.)
It started with banks only. Today, almost all services that need to indentify you uniquely (health services, information services and digital communication with authorities, credit card companies, ...) use the verification server of the banks. It works very well, and is considered very safe. (The pin code is only one factor in 2FA: You also provide a password, so a thief who grabs your fob cannot make any use of it, unless he forces you to reveal your password as well.)
This kind of pin code is certainly more safe than the password written on that yellow sticker taped to the underside of your keyboard.
|
|
|
|
|
Jorgen, calling it a PIN is a bit misleading, it can contain letters also, so it's really a password.
I got a Windows 10 laptop for the first time only a couple of months back, and I'm using a "proper" password with letters, even though it's still labelled a PIN.
How to set an alphanumeric PIN on Windows 10
Cheers,
विक्रम
"We have already been through this, I am not going to repeat myself." - fat_boy, in a global warming thread
|
|
|
|