Q. Why are PINs in Windows considered stronger than passwords?
A. Windows has recently been pushing users to access devices with a PIN instead of typing their regular password. Passwords have two challenges:
- They are open to brute-force attacks (dictionary attacks, databases of stolen passwords)
- A password is a network secret, which means if I see or steal your password I can use it from any device
A PIN is created on a specific device and is used to access the key (password) that is saved on the Windows device in the Windows Vault. The PIN has the following characteristics:
- It is protected by anti-hammering, which means after 5 attempts it is locked out. Considering that a 4-digit number has 10,000 combinations, only 5 guesses are unlikely to hit the right PIN
- The PIN is only of use on the specific machine, which means even if someone knows the PIN they must also have that specific machine
The fact that the PIN is protected by anti-hammering and is only of use on a single device makes it stronger than a regular password in many cases.