Hacker News new | ask | show | jobs
by WorldMaker 2538 days ago
The PIN is used to unlock a private key in the hardware TPM module. The private key is then used unlock the account. The PIN is more secure because it's really just an unlock code for a hardware private key. It's the private key doing the hard work of unlocking the local account (and even unlocking secure access to the cloud account without password entry). The PIN is only sent to the TPM on that device (and the TPM is built so that it only accepts PINs physically entered on that device, lock outs after bad attempts, etc) and only used to unlock that private key and not stored anywhere else or sent over wire to any other machine.

It changes the threat model from "knows password" to "knows PIN and has physical access to user's device".

ETA: Something the article should probably have better underscored was Microsoft was specifically talking about "Windows Hello" PIN entry rather than PIN usage in general.
2 comments
ircdrone 2538 days ago
“The PIN is more secure because it's really just an unlock code for a hardware private key.” so it is a password for the hardware private key. But rebranded as a pin so microsoft sounds as if it does something to innovate.
link
WorldMaker 2538 days ago
It's not really a rebranding because the use of the word PIN here is closer to (and derived from) the use of a PIN in the older, traditional multi-factor sense where for instance a bank card PIN only worked with the associated bank card present. PIN versus Password has almost always implied this sort of multi-factor distinction, and Microsoft if anything is just reusing an old term for what it was meant for.
link
yellowapple 2538 days ago
So why can't I use a password to unlock my TPM module, then? Why does it have to be a PIN specifically?
link
WorldMaker 2534 days ago
Presumably because people are less likely to think a PIN "secure" and "unguessable", and ironically are more likely to protect it (and actually remember it without writing it down). In general, people are really bad at passwords and password security. Microsoft here are taking the stance that the only good password is no password at all. There is a (weird) psychological difference between passwords and PINs.

(Also, it doesn't have to be a PIN, it can be biometrics if you prefer.)

link