All Access Pass

Have you considered how robust your device PIN is and what it now allows access to?

Microsoft Security Baselines for Windows devices contain a default minimum PIN length of 14 characters.

“WHAT!?” you say, “I only just managed to justify shorter passwords by implementing MFA, and now my previously-six-digit PIN has to be 14 characters!?”

Yep. That ever-present, super convenient PIN code has become an Achilles heel.

The technology world is moving away from passwords, which can be used from anywhere…including by hackers. Even MFA codes can be obtained through sophisticated phishing methods. By comparison, logins that avoid passwords altogether are considered more secure.

As we transition to a password-less world, much value is placed on phishing-resistant logins that use biometrics, such as fingerprint or face ID. However, while these login methods seem fancy, we can always fall back to the safety blanket we call the device PIN. If the finger or face scanner is not working (or you’re accessing your significant other’s device…naughty naughty!) we can use the device PIN to log in instead.

“But hang on, isn’t a device PIN the same as a password?”

Good question, I’m glad you asked. Passwords are usually tied to a cloud account of some sort, whether a personal Google, Facebook, or Microsoft account (Insta, or TikTok for the younger set. Is Snapchat still a thing?) or a company login, again often via Google or Microsoft.

Passwords can be used from anywhere. They’re often tied to a multi-factor authentication system, but without specific restrictions applied by the company providing the account, they can still be used on any device from any location.

Device PINs, however, are tied specifically to the device on which they are created, along with any biometric data (fingerprint/face ID) you use to authenticate yourself. This authentication data can then be linked to any cloud accounts accessed from that device, which removes the need for passwords and makes those accounts easy and secure to log in to.

“So what’s the problem!?”

Again, I’m glad you asked. These cloud accounts, linked to authentication data safely stored in your trusted devices, are now easily and securely accessible, so you feel safe. So you link even more accounts to it: your work logins, your social media accounts, and, dare we imagine, your bank and financial systems.

Now we have much of our life tied to one little PIN. It’s very difficult to fake a face ID or fingerprint…but how robust is your device PIN, and what does it allow access to?

Think about it.

Contact iT360 today to discuss how we can help.
