By Default, Signal Doesn't Recall

I don’t see the problem with that. Biometrics for unlock are a security nightmare, as they completely remove consent. Best is both biometrics and PIN.

While a PIN is in theory better, in practice most people use it as a convenience feature and not necessarily as a security measure, so they’ll likely pick a PIN based on numbers they associate with, such as their birthday.
So if your adversary knows anything about you, you’re still in the same boat.

Yes, ultimately it is fine to express the problems with Windows Hello; it’s the vagueness that was the problem for me, so that’s why I left the rest from there.
Like Gwen’s new statement, I still find the whole set of exploits (except for the OEM problem with Windows Hello) very exaggerated; maybe it was fixed in a Windows update, and as for the drivers, yes, it has to install or otherwise already have one of those vulnerable drivers (like the famous Genshin mhyprot.sys).
But in general, great points, especially coming from you and @jonah.


Maybe don’t be so patronising next time and suggest I:

And this,

Shows me you just want to be patronising and not actually learn about the whole (fun) issue of LOLDrivers or “bring your own vulnerable driver”-based attacks[1]. Try to make a better point next time :blush:


  1. This is not “exaggerating”. And in my own experience at my day job, Windows still has gaps in blocking potentially vulnerable drivers. ↩︎

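As an added example (mine, not code posted by anyone in this thread) of the kind of check the footnote above is about: enumerate the kernel drivers currently running, hash each driver file, compare the hashes against a known-vulnerable list, and report whether the Microsoft vulnerable driver blocklist is switched on. The hash table below is constructed placeholder data, not real driver hashes; the LOLDrivers URL is given as the place you would fetch a real list from, and the registry value used for the blocklist toggle is my assumption to verify on your own build. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: audit running kernel drivers against a
# known-vulnerable-driver list and check the Microsoft vulnerable driver blocklist.

# CONSTRUCTED sample blocklist. In practice, load the real SHA256 list, e.g. the one
# published by the LOLDrivers project (https://www.loldrivers.io), into this table.
# The values below are placeholders, not real driver hashes.
$KnownBadSha256 = @{
    '0000000000000000000000000000000000000000000000000000000000000001' = 'mhyprot.sys (placeholder hash, constructed)'
    '0000000000000000000000000000000000000000000000000000000000000002' = 'example.sys (placeholder hash, constructed)'
}

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # Win32_SystemDriver.PathName may carry NT-style prefixes; normalise them to a Win32 path.
    $p = $PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

function Get-LoadedDriverReport {
    param([hashtable]$Blocklist = $KnownBadSha256)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
            $sig  = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Name      = $_.Name
                Path      = $path
                Sha256    = $hash
                # A valid signature is exactly what makes BYOVD work: the driver loads
                # because it is signed, and is abused because it is buggy.
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                SigStatus = $sig.Status
                KnownBad  = $Blocklist.ContainsKey($hash)
            }
        }
}

function Test-VulnerableDriverBlocklist {
    # ASSUMPTION to verify on your build: this is the value the Windows Security
    # "Microsoft Vulnerable Driver Blocklist" toggle writes; 1 means enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    return ($null -ne $val -and $val.VulnerableDriverBlocklistEnable -eq 1)
}

$report = Get-LoadedDriverReport
$report | Where-Object KnownBad | Format-Table Name, Path, Signer, SigStatus
"Vulnerable driver blocklist enabled: $(Test-VulnerableDriverBlocklist)"
```

A `SigStatus` of `Valid` on a flagged driver is the expected outcome, not a false positive: the whole point of these attacks is that the driver is legitimately signed and still loads on a default install unless HVCI or the blocklist stops it.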

I know many people who I wish would take this advice lol


This is a bit of a strawman argument. If you leave your key under the rug for convenience, it doesn’t mean keys do not work.

And BTW, I think FP+PIN is the best, but otherwise you need a strong passphrase.

Obviously the PIN functionally works, I’m not arguing that, but the real world also makes a difference. Usually, when people leave their key under the mat, they’ve evaluated that their neighborhood and social situation are safe enough to make that choice consciously, but the majority of people don’t make that same risk assessment with their passwords.

In the context of Recall, say a jealous lover wants to get access to snapshots of your laptop activity, and you’re not a security-conscious person, so you set your Windows Hello PIN to something simpler. Windows doesn’t have enough protections by default, so there is a higher risk of compromise. Now, to be fair, assuming Recall remains on Copilot+ PCs (particularly the ARM ones),
there is a chance to implement this well, but in the meantime I’m remaining skeptical. Until then I consider biometrics and Hello PINs flawed for this use case.