Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Microsoft's idea of security is moving people away from local accounts protected by passwords and to Microsoft accounts protected Windows Hello.

The Windows Hello PIN is protected by the TPM. This means you can't brute force it like a password could be.



That has nothing whatsoever to do with the topic, which is forcing online authentication. You can't possibly argue that needlessly forcing online authentication makes user safe.


The topic isn't about forcing online authentication. It's about improving security from having users use a Microsoft account. The security improvement of using a Microsoft account comes from Windows Hello.


It is. You can check by reading the title.

Your's is a reiteration of Microsoft's preferred talking point that has no basis in reality. Tying local authentication to the cloud tremendously increases the attack surface for those who don't need it. TPMs do nothing to change this fact. The only connection between a TPM and a Microsoft account is that Microsoft chose to tie those two together for their own benefit.


They couldn't just implement whatever biometric thing that is without making it tied to an account?


To brute force a password, attacker needs full access to the system, guessing the password won't give them more access.


No, they don't. They can clone your hard disk and use a different computer. A TPM based pin makes that approach impossible and you must have access to the system itself.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: