ItsGeekToMe.co

Q: My question is regarding Windows Hello, which seems to be required to use the Microsoft Store. I do not have a PIN and I don’t know where to get one. The app just goes round and round with questions that go back to this PIN, even when I say I don’t have one or I forgot it. It doesn’t accept the Microsoft account PIN that I do have. Where do I obtain the PIN it wants?

 – Argie L.
Indianapolis, Indiana

A:  I discussed Personal Identification Numbers, or PINs in a column earlier this year (Geek Note: I.G.T.M. #808, January 15, 2023).  In that issue I talked about the difference between PINs and pins, and I ever-so-briefly touched on Windows Hello.  It seems like it’s time to discuss it in more detail.

 

According to a page on Microsoft’s website: “Windows Hello lets you sign in to your devices, apps, online services, and networks using your face, iris, fingerprint, or a PIN. Even if your Windows device can use Windows Hello biometrics, you don’t have to. If it’s the right choice for you, you can rest assured that the info that identifies your face, iris, or fingerprint never leaves your device. Windows does not store pictures of your face, iris, or fingerprint on your device or anywhere else.”

So, Windows Hello is essentially a security gatekeeper, giving you a more personalized means by which you can uniquely identify yourself to various Microsoft products and services.  However, please notice, Microsoft went out of the way to mention that nothing – which would include the Microsoft Store – forces you to use Windows Hello, much less the PIN feature. It’s a wholly personal choice.

Let’s talk more about PINs for a moment.  In many ways a PIN is similar to a password.  It is secure in the sense that only you – the user – know the PIN.  Think of a PIN as a password-lite, because PINs are generally 4-8 characters and often contain only numbers, giving a possible number of potential combinations between 10,000 and 10,000,000.  That may sound like a lot if you’re trying to protect from other people guessing it, but a computer can process data much more quickly, and can try all the combinations in a split second, meaning PINs aren’t particularly secure.  While they’re better than nothing, they are not nearly as effective as an 8- or 12-character password that must contain letters, numbers, and special characters.  Just for fun’s sake, the actual number of possible combinations if you’re using 12-character passwords, using both upper and lowercase letters, plus numbers and special characters, is somewhere north of 8.9 trillion.  As impressive as that may be, cracking such a password is not outside the realm of possibility for modern super-fast computers.  Windows Hello’s other options, especially its biometric options are far more secure, as they’re keyed to unique elements of your personal physiology. 

Now that you (hopefully) understand the “why” of Windows Hello and PINs, let me address the issues in your question directly.  As to where you get one, the simple answer is you don’t.  Nothing sets one up for you, or gives it to you.  It is you who tells Windows what PIN you want to use when you set up Windows Hello.  All PIN management – as well as other supported account protection methods – are accomplished in the same place.  Go to Start->Settings->Accounts->Sign-in Options, and work from there.

As for going round and round, break the cycle! Somewhere in virtually every user authentication process is a link that says something like “I forgot my PIN/password”.  This will lead to an account recovery procedure that will first take steps to verify your identity.  This is usually accomplished via a text message (if you’ve registered and verified a phone number) or e-mail.  Once it’s satisfied that you are who you say you are if will either provide your existing PIN/Password, or more likely, it will give you a link where you can go and establish a brand new one.