So I got a new laptop...
-
WTF is this "Windows Hello" bullshit! And how do I disable it Also, how the fuck is a pin-code supposed to be safer than a password? Rant over.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
The "Hello" works fine on my Surface: I turn it on, it sees me, it unlocks. Takes no time or effort, and I'm unlikely to leave my face behind ... And as for the pin ... is it more secure! Logging In With A PIN Is Safer Than A Password | Bruceb Consulting[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
WTF is this "Windows Hello" bullshit! And how do I disable it Also, how the fuck is a pin-code supposed to be safer than a password? Rant over.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
Jörgen Andersson wrote:
Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*. *I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop. So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it. Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
-
Jörgen Andersson wrote:
Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*. *I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop. So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it. Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
Sooo... they can't send it to you or set a new one if you forget it?
-
Sooo... they can't send it to you or set a new one if you forget it?
No. You have to log in using another method - password for example - and then reset the pin and select a new one.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
The "Hello" works fine on my Surface: I turn it on, it sees me, it unlocks. Takes no time or effort, and I'm unlikely to leave my face behind ... And as for the pin ... is it more secure! Logging In With A PIN Is Safer Than A Password | Bruceb Consulting[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
caveat with that logic, maybe? I do not synch my devices - I like the security of lonely isolation. Getting into any of them does just that - gets you into that device and no more. No fingerprint or facial recognition enabled devices. Maybe I missed something on that reading.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
Jörgen Andersson wrote:
Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*. *I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop. So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it. Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
raddevus wrote:
Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*.
Unless, of course, you've used the same PIN on all the machines. Which most people will be doing. ("Thank God, I don't have to remember 20-character passwords that need to be changed every 60 days! These four digits will be good forever!")
We won't sit down. We won't shut up. We won't go quietly away. YouTube, and My Mu[sic], Films and Windows Programs, etc. and FB
-
Jörgen Andersson wrote:
Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*. *I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop. So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it. Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
But to log you on to the domain your windows password hash still needs to be sent over the network to the server. The only thing they have managed is to lower the local security.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Maybe this will help: How to disable Windows Hello[^] It seems the AI boys were bored and Microsoft gave them something to do :-\
Doesn't look like that on my computer. Oddly enough, my old computer, same os, same domain, doesn't have this crap. Or at least not enabled by default and not possible to switch off.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
WTF is this "Windows Hello" bullshit! And how do I disable it Also, how the fuck is a pin-code supposed to be safer than a password? Rant over.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
I am so used to pin codes being non-static that I had to think for a few seconds to understand your problem. About 20 years ago, the banks developed a common system using a fob-like "code chip": It generates a new 6-digit pin code every time you push the button. This code is typed is sent to the web site, which passes it on to a central server for verification. I believe (or, call it a "qualified guess") that the fob has a built-in clock, and the 6-digit code is a hash of the current time, the hash (/encryption) key being different for each fob. It cannot be accessed; trying to open the fob will destroy it. The verification server is the only one knowing the key: It can hash the current time with the same way key as the fob did, and check if the PIN received is identical to what it calculates itself. This relies on the verification server knowing which fob generated the pin. For banking services, you log in by you unique "personal number" (roughly similar to the US Social Security Number). So, a given fob is personal; there is a strict one-to-one relationship between fob and person. (Except that nowadays, you can use an app on your smartphone as a fob replacement, so you can have both a "physical" and a smartphone fob, i.e. one-to-two.) It started with banks only. Today, almost all services that need to indentify you uniquely (health services, information services and digital communication with authorities, credit card companies, ...) use the verification server of the banks. It works very well, and is considered very safe. (The pin code is only one factor in 2FA: You also provide a password, so a thief who grabs your fob cannot make any use of it, unless he forces you to reveal your password as well.) This kind of pin code is certainly more safe than the password written on that yellow sticker taped to the underside of your keyboard.
-
Jörgen Andersson wrote:
Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*. *I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop. So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it. Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
I never looked into it - thanks for point out the PIN is stored locally. So instead of having to remember a single long, complex password to log into multiple machines, you have to remember a different PIN for each device. And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value. Doesn't seem like much of a win to me.
-
Maybe this will help: How to disable Windows Hello[^] It seems the AI boys were bored and Microsoft gave them something to do :-\
Removing it from login could be done using local policy. Now the mail client want's to force me to use a pin for my hotmail account. Idiots!
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
Jörgen Andersson wrote:
Also, how the f*** is a pin-code supposed to be safer than a password?
I also wondered about that and didn't like that suddenly my 64 character Windows password was going to be replaced with a 4 digit PIN. Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*. *I learned this when I finally tried out the PIN on my laptop but it didn't work on my desktop. So, actually the PIN is a bit more safe than expected because the person who would try to hack your device would have to have physical access to it. Don't know why they don't explain that more clearly, like "this PIN only works on this device" or something.
I use the same PIN for both laptop and desktop.
-
Removing it from login could be done using local policy. Now the mail client want's to force me to use a pin for my hotmail account. Idiots!
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
Now you know the real meaning of the term AI, it's turning into ai-ai-ajaijai! :-\
-
Oh - sorry. I thought when you said "new laptop" you meant plastic surgery on your thighs. Or, at least a new pair of pants. My mistake.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
I figured he meant a cat.
Real programmers use butterflies
-
Sooo... they can't send it to you or set a new one if you forget it?
-
raddevus wrote:
Then I learned that the PIN is only stored on your local computer. If you have a Windows account and try to use that PIN when logging onto another computer then the PIN won't work there*.
Unless, of course, you've used the same PIN on all the machines. Which most people will be doing. ("Thank God, I don't have to remember 20-character passwords that need to be changed every 60 days! These four digits will be good forever!")
We won't sit down. We won't shut up. We won't go quietly away. YouTube, and My Mu[sic], Films and Windows Programs, etc. and FB
GenJerDan wrote:
"Thank God, I don't have to remember 20-character passwords that need to be changed every 60 days! These four digits will be good forever!")
well, yeah, there's that. And that does happen. It seems that the PIN basically unlocks a process that then submits the associated account's password to the sign on.
-
But to log you on to the domain your windows password hash still needs to be sent over the network to the server. The only thing they have managed is to lower the local security.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
Jörgen Andersson wrote:
The only thing they have managed is to lower the local security.
Well, yeah, but again, it's about the fact that the person is then has physical control over the device. If they have that, then maybe you're toast anyways?? It's all how you look at it.
-
I never looked into it - thanks for point out the PIN is stored locally. So instead of having to remember a single long, complex password to log into multiple machines, you have to remember a different PIN for each device. And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value. Doesn't seem like much of a win to me.
dandy72 wrote:
And if you start using the same PIN on each device, then an attacker only has to crack a stupid 4-digit value. Doesn't seem like much of a win to me.
But if you use it just for your laptop -- or vice versa (not your desktop also) then it might be helpful. I don't know. It's probably good for your grandma you can set her password to be extremely strong (64 characters) and then only require her to input a 4 digit PIN. Then whenever she gets entirely locked out, you reset her account password. :-D
-
Jörgen Andersson wrote:
The only thing they have managed is to lower the local security.
Well, yeah, but again, it's about the fact that the person is then has physical control over the device. If they have that, then maybe you're toast anyways?? It's all how you look at it.
The way I look at it is that they have managed to create the extreme opposite of Single Sign On. And as we know, the weakest link is the users.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
-
WTF is this "Windows Hello" bullshit! And how do I disable it Also, how the fuck is a pin-code supposed to be safer than a password? Rant over.
Wrong is evil and must be defeated. - Jeff Ello Never stop dreaming - Freddie Kruger
Jorgen, calling it a PIN is a bit misleading, it can contain letters also, so it's really a password. I got a Windows 10 laptop for the first time only a couple of months back, and I'm using a "proper" password with letters, even though it's still labelled a PIN. [How to set an alphanumeric PIN on Windows 10](https://www.addictivetips.com/windows-tips/set-alphanumeric-pin-on-windows-10/)
Cheers, विक्रम "We have already been through this, I am not going to repeat myself." - fat_boy, in a global warming thread :doh:
