During the setup or upgrade of Windows 10, you might be presented with a screen titled ‘Passwords are so yesterday’ after you sign in with a Microsoft account. With it, Microsoft makes the claim:
“Using a PIN is faster and more secure than a password – we think you’ll love it.”
This seems to contradict everything we have learned about passwords: the longer and more complex, the better.
This setting has actually been available since Windows 8, but I and many others managed to avoid using a Microsoft account until Windows 10’s tighter integration.
So, how is a short 4-6 digit PIN better or stronger than a 14-character password? It’s not. Straight-up 4 digits versus 14 characters including mixed case, numbers, and special characters, the PIN doesn’t stand a chance.
However, it’s important to note that Windows 10’s use of a PIN is not a replacement for a password. You establish your PIN after signing in to your Microsoft account with your user name and password. You then create your PIN as a secondary authentication to your Microsoft account, but the trick is that it only works from your device.
You proved you are who you claim to be by entering your password. Now, Microsoft knows you sign into this device. It then uses the PIN as almost a two-factor authentication piece.
Even with physical access to your device, a malicious person is unlikely to be able to access your account. PINs are configured for anti-hammering, which means that after 5 incorrect attempts, further attempts are locked out. The PIN is also more likely to be adopted than a strong password, so this might be an improvement in security for many people. This also protects your Microsoft account, which has access to more things. If your PIN is compromised, the compromise is limited to a single device. Using a PIN increases the security of your Microsoft account, not your computer.
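To put numbers on the comparison above, here is an added example (not from the original article or from Microsoft) that contrasts raw search space with the chance of guessing a PIN inside the 5-attempt lockout window. It assumes secrets are chosen uniformly at random, that the password alphabet is the 95 printable ASCII characters, and that the attacker gets exactly the 5 attempts the article cites.

```python
import math
from fractions import Fraction

LOCKOUT_ATTEMPTS = 5   # figure quoted in the article
PRINTABLE_ASCII = 95   # assumption: password drawn from printable ASCII


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible secrets of this length over this alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly chosen secret, in bits."""
    return length * math.log2(alphabet_size)


def guess_success(space: int, attempts: int) -> Fraction:
    """Chance that `attempts` distinct guesses hit a uniformly chosen secret."""
    return Fraction(min(attempts, space), space)


def compare():
    """Rows of (label, keyspace, bits, success chance before lockout)."""
    secrets = [
        ("4-digit PIN", 10, 4),
        ("6-digit PIN", 10, 6),
        ("14-char password", PRINTABLE_ASCII, 14),
    ]
    rows = []
    for label, alphabet, length in secrets:
        space = keyspace(alphabet, length)
        rows.append((label, space, entropy_bits(alphabet, length),
                     guess_success(space, LOCKOUT_ATTEMPTS)))
    return rows


if __name__ == "__main__":
    for label, space, bits, chance in compare():
        print(f"{label:18} keyspace={space:.3e} bits={bits:5.1f} "
              f"P(hit in {LOCKOUT_ATTEMPTS} tries)={float(chance):.2e}")
```
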
If you would like to enable a PIN, you can find it under Settings, Accounts, Sign-in options. You can also take advantage of Windows Hello to use your fingerprint, face, or iris as another means to sign in, as an alternative to using a password.