• Monument@lemmy.sdf.org
    1 day ago

    …. Oh!

    You just explained a question I had.
    I couldn’t figure out why a PIN was considered more secure.

    In my reasoning: How is a PIN (potentially numeric only), changed 1x a year, safer than a password (3 of 4: alpha, mixed case, numeric, special chars), changed 4x a year?

    The answer, as you explained, is scope of trust. Machine only vs tenant-wide. That makes sense.

    • tux7350@lemmy.world
      24 hours ago

      Windows Hello ties the PIN to the TPM of the computer. It’s not just you having a PIN, it’s the PIN + the crypto secret loaded on the device. That’s why it’s more secure than just a complex password.

    • smh@slrpnk.net
      1 day ago

      That makes sense. Something you have (that specific machine) + something you know (your PIN).

      I used to work someplace where we all had a PIN + a smart card that we’d insert into the machine, same idea except I could log into any machine with the card + PIN combination.

      Loved not having to remember a long AF password. Didn’t like having to drive home if I forgot my card on the kitchen counter.