Solved Your opinion on the 'Can of Worms' that is TPM


hsehestedt

Well-known member
Power User
VIP
Local time
12:15 PM
Posts
1,335
Location
Texas, USA
Visit site
OS
Windows 11 Pro 22H2
The data processed by the TPM is separate from the OS and contained within the TPM microprocessor ONLY. With a TPM problem, backups won't help you. If a pin fails, somehow the TPM communicates that to the windows logon process that makes it give the option of using a password. No, I am not smart enough to know exactly how it does this. But when multiple people across the web complain of TPM related problems and say that they are never offered to enter a password, I have no reason to doubt them all. Anyone who has worked with computers as long as I have knows that crap can happen and does happen to screw up the normal flow of events.
That's not how it works. Let me explain...

Assuming you are using BitLocker: When you perform a backup, the data is decrypted on the fly so what you are actually backing up is a decrypted copy of all the data on the disk. It's exactly the same as it would be when you sit in front of the computer and access any file. say for example that you open a Word document. That document is decrypted from the disk on the fly so that you can access it. Same thing happens as you create your backup - the data is decrypted on the fly. This is why companies such as Macrium note this and recommend that you still employ encryption within their backup software.

If you are not using BitLocker: In that case, loss of the TPM doesn't matter. Your data is still safely backed up as usual and can be restored without your pin or password (the backup password would still be needed). Remember, if I have physical access to your machine, I can easily get at all your data, if you are not using disk encryption such as BitLocker, regardless of whether I have your password or pin. Your password or pin only secures access to your data if someone does not have physical access to your system.

EDIT: Just adding another example. Take a Windows disk and remove it from your computer. Plug it into another system. You can access all data easily. Doesn't matter whether or not you had a TPM unless you are using full disk encryption such as BitLocker. That is the very reason that full disk encryption exists.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Dual Boot Windows 11 Pro 22H2 and Windows 10 Pro 22H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

barman58

Moderator
Staff member
Local time
6:15 PM
Posts
1,318
Visit site
OS
Windows 11 Pro x64 [Latest Release Preview]
When setting up a Pin number I always look at phone numbers here in the UK phone numbers are 11 digits, which gives Nine billion variations. ( and that assumes that someone trying to guess knows how many characters are needed so the real number is much larger )

I find that I can use the numeric keyboard to type an eleven digit number in a second or two which helps with those looking over shoulders

Of course don't pick a current or recent number that is tied to yourself, but we all have a number that sticks with you from our past life An old home phone number including the code or a parents number or a works number. This sort of thing will be remembered, so does not have to be recorded anywhere, except on the local PC (Windows Pin Numbers are stored and processed locally so are more secure than passwords which MAY be held online
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 [Latest Release Preview]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Chillblast to my design
    CPU
    Ryzen 9 5950X, 4.9GHz
    Motherboard
    Asus Prime X570-Pro Motherboard
    Memory
    64GB DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti - HDMI, DP
    Sound Card
    On motherboard Feeding SPDiF 5.1 system
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Chillblast Silent Workstation PC Case - Black
    Cooling
    NZXT Kraken X63 280mm CPU Cooler, Quiet Case fans Fan
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3S +
    Internet Speed
    72 MB Down 18.5 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security [Latest]
    Other Info
    Also run...
    Dell XPS 17 Laptop
    HP Laptop 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 11 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17" + 32" 4K 3840 x 2160 HDR-10
    Screen Resolution
    3840 x 2400 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3 or MX Ergo Trackball
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    72 MB Down 18.5 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also use an Adjustable Support for Laptop and Adjustable stand for monitor

The-Hive

The First Three Star Guru
Guru
VIP
Local time
6:15 PM
Posts
11,382
Location
Wiltshire UK
Visit site
OS
Windows 11 Pro
Well I can honestly say the TMP has had no effect, I have just updated my BIOS and all went well, no problems at all. I use automatic logon with netplwiz I had to change from a pin to a password to do it. great, works a treat. If I change things or create a task etc. it asks for my password if I logout and back in, it asks for my pin which works fine as well
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Alienware Area 51m R2
    CPU
    10th Gen Core i9 10900K
    Memory
    32GB
    Graphics Card(s)
    Geforce RTX 2080 Super
    Sound Card
    Nvidia HD
    Screen Resolution
    1920x1080
    Hard Drives
    C: Samsung 2TB P981A
    D: Samsung 2TB 970 Evo
    Case
    Dark side of the moon
    Mouse
    Alienware AW610M
    Browser
    Chrome and Firefox
    Antivirus
    Norton
    Other Info
    Killer E3000 Ethernet Controller
    Killer AX1650i Wi-Fi Network Adaptor
    Alienware Z01G Graphic Amplifier
    Tobii Eye Tracker
  • Operating System
    Dual Boot Windows 11 Pro / Windows 11 Pro Dev build
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 3501
    CPU
    11th Gen i-7 2.80 gb
    Memory
    16Gb
    Screen Resolution
    1920 x 1080
    Hard Drives
    512Gb SSD
    WD 2GB EXT
    Browser
    Chrome
    Antivirus
    Norton

clam1952

Well-known member
Power User
VIP
Local time
6:15 PM
Posts
652
Location
Crewe, Cheshire, UK
Visit site
OS
Windows 11 22H2 OS Build 22623.1095
If you create a pin that is not just the minimum 4 digits but as you can, use a mixture of numbers and letters, that isn't IMO any quicker logging on than using a decent local password, both are stored locally and hashed.
I wouldn't use a phone number as such, even old numbers may still be linked to you somewhere online, I recently removed one from 10 years ago from a supplier, I hadn't used for a long time, might consider using one backwards though.
 

My Computers

System One System Two

  • OS
    Windows 11 22H2 OS Build 22623.1095
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Build
    CPU
    AMD Ryzen 7 3800X
    Motherboard
    Asus PRIME B350-PLUS
    Memory
    16GB Corsair Vengeance LPX DDR4 @3000Mhz
    Graphics Card(s)
    ASUS - GeForce RTX 3070 Ti 8 GB TUF GAMING OC
    Sound Card
    On Board Realtec
    Monitor(s) Displays
    Acer KA241
    Screen Resolution
    1920 x 1080 @60Hz
    Hard Drives
    240GB PNY CS900 SSD - OS
    2 x 1TB Crucial MX500 SSD
    1 x 500GB Crucial MX300 SSD
    2TB Seagate ST2000DM001-1ER164
    2TB Seagate ST2000DM008-2FR102
    PSU
    750 Watt Corsair TX750 Plus
    Case
    Cooler Master 690 III
    Cooling
    Akasa AK98 5 Case Fans
    Keyboard
    Logitech K270 - wireless
    Mouse
    Logitech - M185 wireless
    Internet Speed
    BT Fibre 75 Mbps
    Browser
    Firefox
    Antivirus
    Windows Defender
    Other Info
    Use hardware KVM to switch monitors on three PCs and software (input director) to use mouse and keyboard on all 4 PCs.
  • Operating System
    Windows 11 Pro 22H2 build 22621.900
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Inspiron 3881 - modified with SFX PSU fitted internally
    CPU
    Intel i5 - 10400
    Motherboard
    Dell 032w55 version A00
    Memory
    16GB of HyperX Fury @ 2133 Mhz
    Graphics card(s)
    EVGA 6GB GTX 1060.
    Sound Card
    Builtin
    Monitor(s) Displays
    ACER KA241
    Screen Resolution
    1920x 1080 @60Hz
    Hard Drives
    256GB SK hynix NVMe
    1TB Western Digital WD10EZEX-75WN4A1
    PSU
    Modular 450 Watt Corsair SF450 Platinum ( Mod to replace the Dell 265 Watt PSU)
    Case
    Inspiron Small Desktop
    Cooling
    Dell stock cooler
    Mouse
    Dell
    Keyboard
    Dell
    Internet Speed
    BT Fibre 75 Mbps
    Browser
    Firefox
    Antivirus
    Windows Defender
    Other Info
    Use hardware KVM to switch monitors on three PCs and software (input director) to use mouse and keyboard on all 4 PCs.

glasskuter

Well-known member
Pro User
VIP
Thread Starter
Local time
12:15 PM
Posts
3,278
Location
Paris in the Lone Star State of Texas
Visit site
OS
Windows 11 Pro 22H2 22621.1105
That's not how it works. Let me explain...
Respectfully, I say part of your statement is incorrect. You keep talking bitlocker. I am not talking about TPM's relationship with bitlocker. I am talking about TPM's relationship with Windows Hello. Bitlocker and Windows Hello is apples and oranges...2 separate functions of TPM. When a TPM is present, bitlocker uses it, but you can configure bitlocker through local group policy even if you do not have TPM. You cannot use Windows Hello without TPM.
Example: I have TPM 2.0. I do not use bitlocker. I do use Windows Hello. Windows Hello is a separate function from Bitlocker.

This Windows Hello authentication key is stored strictly within the TPM chip, NOT on the hard drive. A backup does not backup the information on the TPM chip.

When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key within the TPM and it is that key to sign the request that is sent to the authenticating server. If for whatever reason this authentication key within the TPM gets corrupted, a Pin would not work, and the user is given the option to use a password. This is the part of the process that has failed for some people. Just because it has NOT YET happened for you or me does not mean that it can't happen.

Don't believe me about how it works. Read the Microsoft document.

That's the basis of my argument that taking WIndows Hello out of the equation is one thing a user can do to possibly make life easier on down the road. I am content to agree to disagree because we all have our own understanding of all the smoke and mirrors that is Windows.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.1105
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

hsehestedt

Well-known member
Power User
VIP
Local time
12:15 PM
Posts
1,335
Location
Texas, USA
Visit site
OS
Windows 11 Pro 22H2
Respectfully, I say part of your statement is incorrect.
You may notice that I reference both with and without BitLocker. I was differentiating between the two. My point is that if you have a backup you can recover from anything - even if Windows Hello and your password fail. There is no circumstance whatsoever that you cannot recover from if you have a <good> backup.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Dual Boot Windows 11 Pro 22H2 and Windows 10 Pro 22H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 15-BL012DX
    CPU
    Intel i7-7500U
    Memory
    32GB
    Graphics card(s)
    Dual Intel HD 620 and Nvidia GeForce 940MX
    Sound Card
    Built-in Realtek HD Audio
    Monitor(s) Displays
    4k 15-inch
    Screen Resolution
    4k (3840 x 2160)
    Hard Drives
    1TB Seagate FireCuda 510 NVMe SSD
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Chromium Edge
    Antivirus
    Windows Defender
    Other Info
    RAM Upgraded from 16GB to 32GB WiFi Upgraded from WiFi 5 to WiFi 6 SSD upgraded from 512GB NVMe SSD to 1TB Seagate FireCuda 510 NVMe SSD

Scott

Well-known member
Member
VIP
Local time
8:15 AM
Posts
426
Location
Maui, HI
Visit site
OS
Win 11 Pro 22H2 22621.1194
On my sign-in screen, if I select Sign in Options two icons appear. The left icon, a keypad, when I hover my mouse over it the pop out says PIN. The right icon for computer login the pop out says Microsoft Account Password. I know some people don't have a MS account password for whatever reason. In those cases if their PIN fails, they may or not be prompted for a password. Without a MS account password, they could be locked out. At least that's the way I see it, just thinking out loud here.

When I made my PIN I made a complex one with upper/lower case, numbers, and special characters. I do like how it's tied to the physical machine.
 

My Computers

System One System Two

  • OS
    Win 11 Pro 22H2 22621.1194
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel® Core™ i5-11600KF
    Motherboard
    ASUS TUF GAMING Z590-PLUS WIFI
    Memory
    CORSAIR Vengeance LPX 64GB (4x16GB)
    Graphics Card(s)
    EVGA GeForce RTX 3050 XC Black Gaming
    Sound Card
    Creative Labs PCIe Sound Blaster X-Fi Titanium (dan_k drivers)
    Monitor(s) Displays
    ASUS TUF Gaming 27" WQHD
    Screen Resolution
    2560 x 1440
    Hard Drives
    SAMSUNG 980 Pro SSD 1TB PCle 4.0 NVMe (boot)
    SAMSUNG 970 EVO 1TB PCle 3.0 NVMe (x2)
    SAMSUNG 870 EVO 2TB SATA III (x2)
    SAMSUNG 870 EVO 250GB SATA III
    PSU
    CORSAIR HX750
    Case
    Antec Dark Phantom DP502 FLUX
    Cooling
    Corsair Hydro Series H60 AIO
    Keyboard
    Logitech MK 320
    Mouse
    Razer Basilisk V3
    Internet Speed
    200Mbs
    Browser
    Firefox
    Antivirus
    Winows Security
    Other Info
    UEFI, Secure Boot, TPM 2.0
    MR 8 HE
  • Operating System
    Win 11 Pro 22H2 22621.963
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel Core i7-8700
    Motherboard
    Asus Prime Z370 P-II
    Memory
    32 GB DDR4
    Graphics card(s)
    EVGA GeForce GTX 760
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung SMT27A300
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 870 EVO 500GB SSD
    Seagate Barracuda 7200rpm 1TB HDD (X2)
    PSU
    Corsair CX550M
    Case
    Old Antec, unknown model
    Cooling
    Hyper 212 EVO
    Browser
    Firefox
    Antivirus
    Windows Security

Dru2

Well-known member
Power User
VIP
Local time
1:15 PM
Posts
2,587
Location
Virginia
Visit site
OS
Windows 11 Pro 22H2 (Build 22621.1105)
For those curious about why TPM and its intent, this Jan 1, 2000, Microsoft article may shed some light: Trusted Platform Module (TPM). Simple, clear, concise.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 (Build 22621.1105)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 3
    Internet Speed
    500mb Download. 11mb Upload
    Browser
    Microsoft Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 10 Pro 22H2 (build 19045.2130)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Winuser

Well-known member
Pro User
VIP
Local time
1:15 PM
Posts
4,436
Visit site
OS
Windows 11

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Dev
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy x360 15-ds1083cl
    CPU
    AMD Ryzen 7 4700U 2.0GHZ
    Memory
    16 MB DDR 4-2666
    Graphics card(s)
    AMD Radeon
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1920x1080
    Hard Drives
    PCIe NVMe M.2 512GB
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    ESET Internet Security

geneo

Well-known member
Power User
VIP
Local time
1:15 PM
Posts
3,104
Visit site
OS
Windows 11 Pro x64

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900K, 5.2 GHz all-core
    Motherboard
    Asus ROG Maximus Hero XIII Wifi
    Memory
    64GB (2x32) G.skill TridentZ RGB 4266 MHz CL18
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB nvme, SK-Hynix 2 TB P14 nvme, Samsung 980 1TB nvme, Raid 0: 1TB 850 EVO + 1TB 860 EVO SSD. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, Noctua NF-A14 Chromax case fan
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    370 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

Winuser

Well-known member
Pro User
VIP
Local time
1:15 PM
Posts
4,436
Visit site
OS
Windows 11
On my sign-in screen, if I select Sign in Options two icons appear. The left icon, a keypad, when I hover my mouse over it the pop out says PIN. The right icon for computer login the pop out says Microsoft Account Password. I know some people don't have a MS account password for whatever reason. In those cases if their PIN fails, they may or not be prompted for a password. Without a MS account password, they could be locked out. At least that's the way I see it, just thinking out loud here.

When I made my PIN I made a complex one with upper/lower case, numbers, and special characters. I do like how it's tied to the physical machine.
How does one create a pin without using their MS account password? As far as I know using a pin is part of the Windows Hello.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Dev
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy x360 15-ds1083cl
    CPU
    AMD Ryzen 7 4700U 2.0GHZ
    Memory
    16 MB DDR 4-2666
    Graphics card(s)
    AMD Radeon
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1920x1080
    Hard Drives
    PCIe NVMe M.2 512GB
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    ESET Internet Security

geneo

Well-known member
Power User
VIP
Local time
1:15 PM
Posts
3,104
Visit site
OS
Windows 11 Pro x64
How does one create a pin without using their MS account password? As far as I know using a pin is part of the Windows Hello.
You should be able to use it with some other password protected online accounts.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900K, 5.2 GHz all-core
    Motherboard
    Asus ROG Maximus Hero XIII Wifi
    Memory
    64GB (2x32) G.skill TridentZ RGB 4266 MHz CL18
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB nvme, SK-Hynix 2 TB P14 nvme, Samsung 980 1TB nvme, Raid 0: 1TB 850 EVO + 1TB 860 EVO SSD. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, Noctua NF-A14 Chromax case fan
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    370 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

Winuser

Well-known member
Pro User
VIP
Local time
1:15 PM
Posts
4,436
Visit site
OS
Windows 11
I just noticed a setting in Accounts > Sign-in options. Under Additional setting is an option to only allow Windows Hello sign-in for Microsoft accounts on this device. I wonder having this option turned on is why some users don't have the option to use their password instead of the pin?
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Dev
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy x360 15-ds1083cl
    CPU
    AMD Ryzen 7 4700U 2.0GHZ
    Memory
    16 MB DDR 4-2666
    Graphics card(s)
    AMD Radeon
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1920x1080
    Hard Drives
    PCIe NVMe M.2 512GB
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    ESET Internet Security

geneo

Well-known member
Power User
VIP
Local time
1:15 PM
Posts
3,104
Visit site
OS
Windows 11 Pro x64
I just noticed a setting in Accounts > Sign-in options. Under Additional setting is an option to only allow Windows Hello sign-in for Microsoft accounts on this device. I wonder having this option turned on is why some users don't have the option to use their password instead of the pin?
Wasn't the case for Dru2.

I gotta say all of this is hokus pokus, make you feel better, we got your back in an insecure scary world marketing. It isn't any great advance in security from what I can tell. Sure when you use a password with a network account you have to send the encrypted password over the network as opposed to a local PIN. But that can't be a big deal. And that password is stored somewhere in the cloud. After all, you used to be able to be able to password protect locally, but then there had to be a backdoor in-case you forgot. IDK, maybe I am missing something but I don't think so.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900K, 5.2 GHz all-core
    Motherboard
    Asus ROG Maximus Hero XIII Wifi
    Memory
    64GB (2x32) G.skill TridentZ RGB 4266 MHz CL18
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB nvme, SK-Hynix 2 TB P14 nvme, Samsung 980 1TB nvme, Raid 0: 1TB 850 EVO + 1TB 860 EVO SSD. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, Noctua NF-A14 Chromax case fan
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    370 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

glasskuter

Well-known member
Pro User
VIP
Thread Starter
Local time
12:15 PM
Posts
3,278
Location
Paris in the Lone Star State of Texas
Visit site
OS
Windows 11 Pro 22H2 22621.1105
I think what @geneo is saying is that if for some reason the pin doesn't work you can still use your password
That statement is absolutely correct if everything is working correctly. BUT according to posts I have read from users across the web it doesn't always happen the way it is supposed to. They never see an option to enter a password. Whether it is an issue with Windows or from whatever reason the TPM gets hosed up (bios update, whatever), the flow of the login process is affected. If the issue in on the Windows side, maybe our backups would save us. But if the issue is on the TPM side, backups are useless.

There are enough instances reported that this should be a concern for everyone. If it works as expected ALL the time, I wouldn't be concerned. But it's a computer and as we say here in Texas, things don't always run according to Hoyle.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.1105
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

geneo

Well-known member
Power User
VIP
Local time
1:15 PM
Posts
3,104
Visit site
OS
Windows 11 Pro x64
Don't use a PIN or don't do a BIOS update until it is straightened out?

And report any issues to the feedback hub. It may not directly be a Microsoft issue, but Windows should not lock you out - it should give you the option to use a password.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY
    CPU
    10900K, 5.2 GHz all-core
    Motherboard
    Asus ROG Maximus Hero XIII Wifi
    Memory
    64GB (2x32) G.skill TridentZ RGB 4266 MHz CL18
    Graphics Card(s)
    Asus ROG Strix 2070 Super A8G
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB nvme, SK-Hynix 2 TB P14 nvme, Samsung 980 1TB nvme, Raid 0: 1TB 850 EVO + 1TB 860 EVO SSD. Sabrent USB-C DS-SC5B docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black
    PSU
    750W Seasonic Prime Ultra Titanium Plus
    Case
    Fractal Design Meshify 2 dark tint glass
    Cooling
    EK-AIO 360 D-RGB w/Phanteks T30-120 fans, Noctua NF-A14 Chromax case fan
    Keyboard
    Glorious GMMK TKL - Brown mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    370 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
    Other Info
    Logitech C920e Webcam (crap don't buy)
  • Operating System
    Mac OS
    Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    M1
    Monitor(s) Displays
    2560x1600

glasskuter

Well-known member
Pro User
VIP
Thread Starter
Local time
12:15 PM
Posts
3,278
Location
Paris in the Lone Star State of Texas
Visit site
OS
Windows 11 Pro 22H2 22621.1105
until it is straightened out
Straightened out by whom exactly. Microsoft? The manufacturers who release new bios? You can no longer get MS on the phone. It's been reported in feedback hub which I highly doubt they pay much attention to now that the OS is released. The thing is it's not one particular OEM bios nor does it happen to everyone who updates their bios. It's a very sporadic issue that even experienced users can't make heads or tails of.
It hasn't happened to me...YET... And I don't want it to. It just makes sense to me to be pro-active and take the TPM out of the login picture. I'll first turn off pin and use my MS account to login. Then I'll try to figure out a way to permanently stop the "set up a pin' nag. It comes back even after disabling it in Group Policy. If I can't get rid of it permanently, I'll use a local account.

I do agree with @geneo. It's hokus pokus, make you feel better, we got your back in an insecure scary world marketing

I appreciate all the feedback you guys have given on this thread.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 22H2 22621.1105
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 m.2 2230-256+1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 21H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

Winuser

Well-known member
Pro User
VIP
Local time
1:15 PM
Posts
4,436
Visit site
OS
Windows 11
That statement is absolutely correct if everything is working correctly. BUT according to posts I have read from users across the web it doesn't always happen the way it is supposed to. They never see an option to enter a password. Whether it is an issue with Windows or from whatever reason the TPM gets hosed up (bios update, whatever), the flow of the login process is affected. If the issue in on the Windows side, maybe our backups would save us. But if the issue is on the TPM side, backups are useless.

There are enough instances reported that this should be a concern for everyone. If it works as expected ALL the time, I wouldn't be concerned. But it's a computer and as we say here in Texas, things don't always run according to Hoyle.
I've only device I had trouble using my pin was on my Acer Spin Laptop. Sometimes I would get a pin not recognized error. I always had the option to use my MS account password.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Dev
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy x360 15-ds1083cl
    CPU
    AMD Ryzen 7 4700U 2.0GHZ
    Memory
    16 MB DDR 4-2666
    Graphics card(s)
    AMD Radeon
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1920x1080
    Hard Drives
    PCIe NVMe M.2 512GB
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    ESET Internet Security

Winuser

Well-known member
Pro User
VIP
Local time
1:15 PM
Posts
4,436
Visit site
OS
Windows 11
Don't use a PIN or don't do a BIOS update until it is straightened out?

And report any issues to the feedback hub. It may not directly be a Microsoft issue, but Windows should not lock you out - it should give you the option to use a password.
I found a setting in Accounts > Sign-in options to only use Windows Hello to sign-in for Microsoft Accounts on this device. I don't know if turning this option on prevents someone to using their password when logging in or not.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    PowerSpec B746
    CPU
    Intel Core i7-10700K
    Motherboard
    ASRock Z490 Phantom Gaming 4/ax
    Memory
    16GB (8GB PC4-19200 DDR4 SDRAM x2)
    Graphics Card(s)
    NVIDIA GeForce GTX 1050 TI
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    Samsung SAM0A87 Samsung SAM0D32
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe WDC WDS100T2B0C-00PXH0 1TB
    Samsung SSD 860 EVO 1TB
    PSU
    750 Watts (62.5A)
    Case
    PowerSpec/Lian Li ATX 205
    Keyboard
    Logitech K270
    Mouse
    Logitech M185
    Browser
    Microsoft Edge and Firefox
    Antivirus
    ESET Internet Security
  • Operating System
    Windows 11 Dev
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy x360 15-ds1083cl
    CPU
    AMD Ryzen 7 4700U 2.0GHZ
    Memory
    16 MB DDR 4-2666
    Graphics card(s)
    AMD Radeon
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1920x1080
    Hard Drives
    PCIe NVMe M.2 512GB
    Browser
    Firefox, Edge and Edge Canary
    Antivirus
    ESET Internet Security

Aramil

Member
Local time
6:15 PM
Posts
12
Visit site
OS
Windows 10 Pro - Windows 11
Not sure what the issue would be if the drives not encrypted and you can boot to the password screen, so can go to the Recovery Environment/ Boot selection menus and also use safemode to access anything on the drive if you have no Emergency boot USB drive. So not data loss from that point, although a robust backup procedure (as stated earlier) is always best practice to do.

The TPM is a great way to prove that the Originating request is real and from who you think it should be from, Android/Apple phones have had security processors for years to handle secure banking apps etc, all based off PIN or biometrics with an account password backup.

If your not using it to encrypt drives (save your keys if you are), and running good backups, its like worrying about going out in your car and getting a flat, it might happen but its easily fixed and the contents of the car are still there, won't stop you using your car though.
 

My Computer

System One

  • OS
    Windows 10 Pro - Windows 11

Latest Support Threads

Top Bottom