Windows Network Share on machine with Windows HELLO/PIN, versus password

Hello Nick, I'm Greg here to help.

In order to have any other method of Sign In like Pin, Fingerprint, etc, you must first and always have a password. So what happens if you try to use your account password instead of PIN. If for some unusual reason it's prompting for PIN there should also always be a link nearby to change the Sign in Options.

I would also report this in Feedback Hub in Start menu as it's a Security compromise to use PIN beyond the local device, the only reason it is a more secure option: https://channel9.msdn.com/Blogs/One-Dev-Minute/...

If the password doesn't work you can troubleshoot Password Protected Sharing in Windows 11 here:

https://wethegeek.com/enter-network-credentials...

https://superuser.com/questions/1713132/windows...

https://www.makeuseof.com/windows-enter-network...

https://10scopes.com/file-sharing-not-working-i...

https://www.youtube.com/watch?v=RZHez9ldv8I

If you've forgotten your password you can reset it here:
https://www.elevenforum.com/t/reset-password-fo...

If this is not exactly what you need, please explain a bit more so I can help you better. Otherwise feel free to ask back questions and keep me posted on your progress as I will be here to help until this is resolved.
______________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

thanks for reply.

re: alternative to PIN - there MAY be the option of "I've forgotton my PIN", but THAT is not an option. I HAVE the PIN, and it works.

and the SOURCE machine that is trying to access the destination (PIN) machine does NOT SEE that screen to change to an alternative. It just has the "network connection" box of microsoft that asks for the credentials of the destination machine, of Username/Password. There is no way to enter a PIN, the PIN is working, and an alternative to lessen the security is NOT what is desired.

The PIN poses a conundrum of how to access a destination machine, from a source machine, even if it is in my own house. BUT, to DISABLE the PIN , unless there is an easy way from the destination machine to do this from the console, once logged in, is not practical.

Scenario I'd like -

two machines, source and destination, at home. I have logged in to both; the destination machine being logged into with Username and PIN.

THEN, on source machine, i start Syncovery (my cloning program), or select the destination machine in NETWORK.

ON the destination machine, some way to set a parameter (temporary, but easy), to allow some type of password, FROM the source machine, to be entered, to allow me to clone files,folders, from the source machine.

THEN, once done, on the destination machine console, turn OFF the temporary password access, so it is back to requiring a PIN.

thanks for any assistance.

Nick -

There is no way to enter a PIN because a PIN is not used for password-protected sharing, only a password. A PIN is not to go off of the local PC.

If you are getting any PIN prompt somewhere for password-protected sharing then Please post a screenshot so I can see what you're seeing. Here's how to take one and attach using Insert Image button in reply box: http://windows.microsoft.com/en-us/windows-10/o...

What happens when you try to use the requested password? If there are problems I gave you all ways to fix them. If you have forgotten your password you need to reset it which I also showed you how to do.

to clariify -

source machine, windows 10, i use username password, login is ok

on new DESTINATION windows 11 machine, i use username, and a PIN.

IT WORKS OK. nothing is wrong

the ISSUE IS that now, since the destination is controlled by pin, the SOURCE machine can no longer communicate, through teh network, to the destination machine, because the NETWORK connection box on SOURCE machine requests username and password, and the destination machine is NOT CONTROLLED by that.

that is all normal in operation.

WHAT WOULD BE BENEFICIAL, if the higher ups programmers would consider, is that once i am LOGGED INTO my destination machine, with a username and a PIN, that some EASILY TOGGLEABLE utility to ENABLE the destination machine be also connected to from the source machine some temporary password credentials (these could expire at end of connection, or at shutdown or hibernate, etc), THUS i could then connect my source machine to the destination machine, and clone files to the destination.

since I personally would have (and would be) actively logged on to each machine,and would have enabled the destination's temporary use of a login credential, then it would be safe to connect this way.

SO, again, nothing is wrong technically. It is just that the new use of a PIN login now prevents remote access into the destination computer, and i am looking for some method to be considered that would allow temporary communication from the source to the destination across the network,to send files with my cloning program.

it would be a new or enhanced feature.

nick

Nick, what I'm not getting across is that the password is always present whether you are using it primarily or not.

This is why I wrote in my first post that you must have a password to use any other method. So it's still sitting there waiting to be used in such cases as this where password-protected sharing requires a password and not a PIN.

There are other cases where only password is accepted, too, so it's important not to forget it, and if it you do have Security mobile number and alternate email set up to receive a code required to change the password:
https://support.microsoft.com/en-us/help/12428/...

The reason I emphasize this is because if you get stuck and dont' have password handy and try to reset it and don't have this Security info current, it can get thrown into Account recovery that can last up to 30 days which is such a PITA I hate to see anyone else have to go through it.

Please let me know if there's anything I've not made clear so i can clarify it, since this is such important information to know.

thanks again.

I have my main microsoft password. it is protected and secured.

but i am not logging in with that account right now, on the destination machine.

i have a local admin01 account. i CREATED this, and initially had a password, but now it is using the PIN.

on the SOURCE machine, i DID enter the original password that i had created the account with, but it states "it is incorrect".

do the LOCAL ACCOUNTS still retain their password, if a pin is used?

and if so, do the above links work to recover them? I looked at couple of links, and it seems that that just relates to the microsoft main password (and by default, my main microsoft account password on the destination machine.

thanks, and sorry for any confusion

nick

EDIT, 20221210_, 12 pm est.

I found that my local ADMIN login DOES have a password.

this discovery came about by trying to enable (an already enabled) gpedit.msc ACCOUNT LOCKOUT THRESHOLD.

(I have created a separate post for this question , but the details of this relate to my current issue; i am posting here just as informational)

new machine, windows 11 home.
enabled gpedit.msc
account lockout threshold 10 attempts, reset after 5 minutes.

ok, tried the settings, to see if it worked.
after 5 incorrect attempts, microsoft responded with "enter challenge phrase a1b2c3".
THEN, gave options to enter either PIN or PASSWORD !!????

and, entering the PASSWORD did work, so it IS STORED in the machine somewhere

this is nuts.  I WANT the security enabled, so that only a PIN can be tried, or so that if EITHER PIN or PASSWORD is attempted wrongly for 10 times, the machine locks up.

AND, so that if i AM NOT logged in, that the data is still encrypted, not open to other attacks.

so, it is informational here, but i did post it separately wiht some additional questons about is the login of PIN or PASSWORD providing the same security, OR is the drive in an open readable state even without PIN or PASSWORD being entered?

again, thanks for any of your feedback

Yes, Nick, as I've tried to repeatedly explain here the password never goes away and is designed to be used interchangeably with a PIN, and in some instances such as this one only password is required and a PIN will not work.

So you don't replace a password with a PIN, you add a PIN or other Hello method to use in addition to the password.

For sharing you'd only use a password or turn off password-protected sharing. This is because a Windows Hello PIN never is used off the local device.

For a Local Account, password reset is achieved using test questions on the sign-in screen: https://www.windowscentral.com/how-add-security...

PIN is reset in Account Settings > Sign In Options.

If PIN becomes dysfunctional, do a hard reset as shown here:
https://www.technewstoday.com/change-pin-windows/

There was no need to create a second post about need for a password, I have made it clear repeatedly throughout this thread.

thanks for reply.

i will store these directions in my tutorial archives.

re: second post - the second post is to post the question about if the machine is still encrypted, if the correct pin/password is not entered, and does an entry of PIN OR PASSWORD count as an attempt for the ACCOUNT LOCKOUT THRESHOLD.

again, thanks very much !

nick

AND, EDIT -

can you clarify how the encryption works, with EITHER THE PIN or PASSWORD (are both equally effecttive),

AND, if SO, then is there any real advantage to a PIN, over a password, especially since microft has some default settings in the ACCOUNT LOCKOUT THRESHOLD?

thanks

EDIT #2 - an EPIPHANY !

Microsoft account - Definitely use a PIN, because then i don' thave to send the password over a server, it is local.

LOCAL accounts, whether admin or user - does not matter if PIN or password (for logon purposes), because both are getting typed into the local machine, not transmitted.

and if i do too many attempts, does not matter if microsoft challenges the typist; because the typist may be a thief, and does not know the codes anyway.

please correctg me if i'm wrong

STILL Couple questions with this

If, local admin or user, i use a PASSWORD - does that affect TPM, does TPM protect it? and even if i use a PIN , that "maybe-never-used-password" still floats in whatever local storage is on teh machine? is there any way to hack it out?

AND, no matter PIN or password, if the INCORRECT one is not entered for any of the users, is the data on the hard drive still protected with "windows encryption", locked up, not accessible, until a correct one is entered?

and again the question in first edit, does the account lockout threshold still count all login attempts an an attempt?

I really appreciate all your help to clarify this.

I HAVE older windows 10 pro systems, and the easy protectoin was just to turn on bitlocker with its OWN login PIN before rest of system was open.

BUT, wiht windows 11 home, and included "windows encryption " (bitlocker in the background), i want to make sure my logins (and also for our homeowners association new laptop) still have the benefit of encryption-before-login, and using teh benefits of the TPM.

thanks !!!!!

Microsoft developers published this blog post about how the PIN is safer than the password: https://channel9.msdn.com/Blogs/One-Dev-Minute/... (posted earlier above too)

The PIN is rooted in TPM which is the hardware security chip on motherboard recently updated to TPM2 for Windows 11 to add new dimensions of security:

https://learn.microsoft.com/en-us/windows/secur...

https://www.tomsguide.com/news/what-is-a-tpm-an...

As to other Windows built-in encryption like EFS file and folder encryption and Bitlocker driver protection, I would have another backup method because I do see cases where these fail causing file loss. An idea real time backup is to move your User folders into OneDrive (5gb free, more cheap or 1tb free with M 365) or Google Desktop (15gb free) for real time backup to the encrypted cloud. If you back up to an external drive make sure it's kept unplugged to avoid ransomware infection.

I hope it helps. Feel free to ask any questions.

______________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

thanks for reply

re: the microsoft video on PIN vs password - that does not clarify whether PIN and/or password count as login attempts, for the Account Lockout threshold.

it also does not clarify if WINDOWS ENCRYPTION unlocks the drive when the machine is turned on (because the drive sees its normal TPM, not the greatest way), or unlocks drive AFTER the correct credentials are entered (and whether PIN and password both do this, or whether PASSWORD is a lesser-secure method, (even considering local account, whre password is not transmitted)

re: backups - thanks for suggestion of backup; i do have backups, i have all files on computer, but i clone to OneDrive, using syncovery, a cloning file-by-file software, which allows encryption of files before upload.

also back up to external drives, encrypt on loading to them, they only get turned on when i use them.

again, thanks for info.

EDIT

see this link

BitLocker Countermeasures (Windows 10) | Microsoft Learn

this has more detail on windows encryption. it references PIN as preboot protection, but it is not clear if the user login with PIN (seems to imply that) is part of that protection. BUT, it does NOT mention passwords.

so are the passwords inferior?

this needs clarified by microsoft, and if the USER login pin is required to open up the windows encryption .