When you try to log into a Windows PC, you may be missing the option to type in a password. See the screenshot above? Those three icons are for a fingerprint, PIN, or facial recognition. No password! There is a relatively new setting that is responsible. I’m going to tell you how to find that setting but most of you don’t need to change it. It’s fine.
I’m also going to explain what this is all about – an explanation full of Microsoft jargon and references to security and tedious stuff that I’ll try to make as short as possible. Think of the explanation as, say, a bowl of porridge set in front of you for breakfast. It’s not what you would have chosen but it’s good for you and it’s the way we’re starting 2022 and I want you to sit at the table until you’ve finished every last bit.
In the past the Windows sign-in screen has had the words “Sign-In Options” below the place where you type in a PIN or password.
Today if you are asked for a PIN, the words “Sign-In Options” might be missing. Or there will be options for fingerprint or facial recognition but no place for a password. There’s no way to log in if you only know the password.
Look in Settings / Accounts / Sign-In Options. There is a new toggle: “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device.” If you want the option to use a password if you choose, turn this setting off.
This is how you’re starting 2022? Sigh. Okay, what is Microsoft’s game?
We’re going to talk about Microsoft accounts and about different ways to log in to a Windows PC.
Stop it, you big baby, you can handle this.
The first way to log into a Windows PC: type in the password for the personal Microsoft account
Microsoft really really wants you to connect a new PC to a personal Microsoft account. If you buy a new PC with Windows 10 or 11 Home edition, Microsoft has made it almost impossible to avoid the requirement of a personal MS account. (Almost. It’s still possible to set up a local account that is not connected to Microsoft, but it’s hard and you have to be really geeky to bother. Google around if it’s important to you.)
A personal Microsoft account is a login name (looks like an email address) and a password. It connects you to uninteresting Microsoft services. It is not the same as your business email address and password, the “work or school” account called Office 365 or Microsoft 365.
Exceptions: there are other ways to set up Windows PCs with more or less effort – local accounts that are not connected to Microsoft, and connections with Windows 10 or 11 Professional to the business account. I think you’ll agree that it’s really important that I not use the words “Azure Active Directory,” so let’s not talk about those now.
The goal: get rid of the password
Everything that follows is driven by Microsoft’s new goal: leave the computer connected to the personal Microsoft account, but don’t ever require anyone to type in the password.
There are three reasons to remove the password.
(1) You choose crap passwords. Your passwords are too easy to guess or you use the same ones over and over. Or both. Probably both.
(2) All the other login methods are more secure because they’re limited to the individual computer. If somebody hacks your PIN, they might get into the computer but they don’t get into your Microsoft account. I’m repeating the corporate line here – I don’t know if I think it’s true, but that’s what they say.
(3) No one at Microsoft will admit this but they know that non-tech people are completely clueless about personal accounts and passwords. You have no idea what a Microsoft account is. You hate passwords. When you forget the password, you are furious and Microsoft is the most likely target for your rage.
So for pretty good reasons, Microsoft wants to give you a secure way to log into your computer without typing in a password.
The second way to log into a Windows PC: type in a PIN
A PIN is an easy-to-remember sequence that works instead of a password. You’ve had a PIN for your bank card for years. The PIN for the computer is usually four to six numbers. You can use the same PIN as your debit card but all the security people will tell you not to. You can also use letters and symbols so it looks like a password but that kind of misses the point.
You’ll probably be asked to set up a PIN automatically – Windows is pretty insistent about it these days. Look for all these settings in Settings / Accounts / Sign-In Options.
Exceptions: something makes the whole PIN experience get weird when you add a business account to the computer for your mail or the Office programs. If you get odd error messages about not being able to set up a PIN, call your IT person and hope that they’re smarter than I am, because I’ve never been able to figure it out.
The third way to log into a Windows PC: use a fingerprint or facial recognition
If your laptop has the right stuff, then you can tap a finger or be recognized by the camera and bang, you’re in. It’s fast and incredibly secure. Plus you can use the word “biometrics” and people will think you’re smart.
Microsoft chooses a name
Now comes the step where Microsoft is its most Microsofty.
Microsoft wanted a name to summarize the alternatives to a password – PIN, fingerprint, facial recognition. It chose this name:
The name Windows Hello is so perfectly Microsoft! It conveys exactly nothing about what it means. It sounds cute in a corporate way without being likable.
But now the toggle in Settings makes sense. Look again at what it says.
For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device.
Let’s paraphrase that with more words.
If this computer is linked to a personal Microsoft account – and it is, because we forced that – then remove the password option. Only allow logins with a PIN or fingerprint or facial recognition.
Voila! You’ve gone passwordless, and you’ve improved your security and Microsoft is proud of you. I believe that this is the default when you set up new Windows PCs but I can’t swear to it. Everything about Windows PCs and defaults is a moving target these days, constantly changing.
I had to reset a client’s PC when he couldn’t remember his PIN and there was no password option. And another client’s paralegal couldn’t get into her boss’s laptop when the boss was unavailable and we didn’t have the PIN. I don’t have any strong feelings about whether that toggle in Settings should be on or off. Just remember that it exists. And use the word “biometrics” in a sentence to sound smart.
Thank you for the heads-up. I am a local userid kind of guy, who has learned about MS ids (and asked you several questions about them along the way) in order to support other people. Not sure if I care so much about the eventual universal adoption of MS ids required for logon, but I KNOW FOR SURE that they generate many more issues than local ids and I want to keep local ids around, if only to know that I will always have a way to get in and effect repairs.
Thanks for the concise explanation. I am an electrical engineer who’s been involved with IT for 30 years,, including Unix/Linux and various Windows versions, and this new MS accounts scheme is very confusing for me. I cannot imagine how confusing it is for a non-technical person (in fact, I’m bound to find out, since my mother-in-law just bought a new laptop:). For once, I’d like to know how could one get into his computer if local accounts are disabled, and the Net is down? This is similar to being unable to postpone the system update which sets off minutes before an important presentation. Microsoft genius at it’s best!
Don’t overlook that it’s possible to add a local account with no MS connection. A lot of people use this sequence: (1) set up the computer with a personal MS account, even a throwaway one; (2) add a second account and bypass the push to connect it to MS so it’s a local account; (3) make it a local admin account; and (4) reboot into the new account, then delete the first account. A bit of a pain, sure, but at least it’s still possible.
At least they didn’t name it Microsoft Start again.
Very interesting blog. Thank you for sharing all this extremely useful information.