…. Oh!
You just explained a question I had.
I couldn’t figure out why a PIN was considered more secure.
In my reasoning: How is a PIN (potentially numeric only), changed 1x a year, safer than a password (3 of 4: Alpha, Mixed case, numeric, special chars), changed 4x a year?
The answer, as you explained, is scope of trust. Machine only vs tenant-wide. That makes sense.
Windows Hello ties the PIN to the TPM of the computer. It’s not just you having a PIN, it’s the PIN + the crypto secret loaded on the device. That’s why it’s more secure than just a complex password.
That makes sense. Something you have (that specific machine) + something you know (your PIN).
I used to work someplace where we all had a PIN + a smart card that we’d insert into the machine, same idea except I could log into any machine with the card + PIN combination.
Loved not having to remember a long AF password. Didn’t like having to drive home if I forgot my card on the kitchen counter.
The problem is, if someone does get physical access to the machine, you’ve just made breaking into it much easier.
Edit: that’s assuming the smart card is using RFID.
Just keep the card in your anus