Why doesn't Microsoft default to the 4 character Pin

Discussion in 'Microsoft Surface Pro 3' started by MissionMan, Mar 23, 2015.

  1. MissionMan

    MissionMan Member

    Joined:
    Mar 22, 2015
    Messages:
    54
    Likes Received:
    15
    Trophy Points:
    8
    One of the strange annoyances I had with the SP3 when I first got it was MS defaulting the login password to a full windows password instead of the 4 character pin.

    I understand that people may want this for corporations where security is paramount but most network guys would know how to set this up if its for a company machine and most personal users are not that tech savvy. I've had to show about 5 people how to turn it on because they weren't even aware of the option and when you show them they generally say "wow, that's so much easier, why don't they set that up by default?"
     
  2. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,331
    Likes Received:
    1,279
    Trophy Points:
    113
    You know you can turn it off altogether right... :rolleyes:
     
  3. sdreamer

    sdreamer Member

    Joined:
    Mar 23, 2014
    Messages:
    62
    Likes Received:
    10
    Trophy Points:
    8
    They really should have given the options during OOBE sequence. Discovery of these things is abysmal. Picture Password is really awesome, I use it instead of PIN, but no one knows about it. I can see when you enter your Microsoft Account details it should ask you if you want to use a PIN or Picture Password then step you through to set that up. If you have Biometrics then it should ask you that option as well. I'm guessing Windows Hello will have all this, hopefully.
     
  4. MissionMan

    MissionMan Member

    Joined:
    Mar 22, 2015
    Messages:
    54
    Likes Received:
    15
    Trophy Points:
    8
    Yup. But the point was simply that Microsoft selected the most difficult way of logging in out of the box.

    I think if Microsoft want to improve their user experience, they need to consider these things and at least offer the option when a person sets up their machine as someone suggested.
     
  5. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,331
    Likes Received:
    1,279
    Trophy Points:
    113
    Your opinion; my opinion is they are going the right direction making security stronger.
     
  6. hughlle

    hughlle Super Moderator Staff Member

    Joined:
    Jul 7, 2014
    Messages:
    2,692
    Likes Received:
    422
    Trophy Points:
    83
    My own opinions? You're blowing it all out of proportion. I don't believe that not having the choice of security method during setup in any way tarnishes the user experience.

    At the end of the day, it's really not that hard to enter a password instead of a pin. If security is of such little concern, then why dont you just chose a 4 letter password? no harder to enter than a pin. I think "most difficult way" is just a teeny bit of an exaggeration.

    .
     
  7. vxm

    vxm Active Member

    Joined:
    Jan 31, 2015
    Messages:
    136
    Likes Received:
    63
    Trophy Points:
    28
    Location:
    Warsaw, PL
    My Device:
    SPro3
    seriously? what's so hard going to options:
    [​IMG]
    you have all the options here, pick you poison. For me strong account password is a must since it's online account, but if I work at home i stick to picture pass for sake of more convenient access, knowing that my online account has proper protection. And indeed you can just as well stick to 4 digit password if you like.
     
  8. zhenya

    zhenya Active Member

    Joined:
    Feb 14, 2013
    Messages:
    441
    Likes Received:
    66
    Trophy Points:
    28
    I think it does, as I agree with the OP. People expect a tablet to be able to be up and ready at an instant. Logging in with a PIN is far more secure than setting a 4 character password because the PIN does not replace your password, which is used in all sorts of other scenarios. The only thing the PIN is good for is for physically logging in to the device, which from a security standpoint, is of my least concern. Having a properly complex password greatly complicates the login process; using a PIN simplifies it while still maintaining the security of having a complex password where it matters most.

    What they really need is a fingerprint sensor. The Surface is the only modern device I own without one.
     
  9. kayzee

    kayzee Well-Known Member

    Joined:
    May 31, 2013
    Messages:
    2,082
    Likes Received:
    228
    Trophy Points:
    63
    Location:
    Essex, UK
    My Device:
    SPro
    I've never ran with a password... it's all about the quick boot times :D however I'm going to have to start sharing my Surface soon (damn girlfriend lol) so I suppose I had better make another account which is going to slow things down a tad.
     
  10. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,331
    Likes Received:
    1,279
    Trophy Points:
    113
    What I find appalling is some companies only release security updates on at best a six month irregular schedule, and don't update even one revision back at all for anything but critical security issues. That they would default to 4 digit pin access is not surprising and even that was only after pressure was applied. It will no doubt take a significant breach event for security to become an important factor to them. That day is not too far off, as engraved invitations do not often go unanswered.
     
  11. MissionMan

    MissionMan Member

    Joined:
    Mar 22, 2015
    Messages:
    54
    Likes Received:
    15
    Trophy Points:
    8
    There are a couple of things to remember:

    1. Most end users will not spend their time on forums and are not necessarily tech savvy so something that is easy for you and I isn't easy for everyone. They expect it to work out of the box.

    2. Usability is one of the most important aspects of consumer devices. The sole reason iOS gained so much market share when it came out was because the other manufacturers were focussed on features and not on usability. They released a watered down feature set with far better usability and gained a massive market share as a result.

    3. When it comes to tablet devices, users expect them to work out of the box. They don't want to install things, change settings or anything else, their first impressions start when they log onto the device for the first time so if you provide them with something that is more cumbersome, their first reaction is "This device is crap" not "What can I do to fix this". If you have a combination login (alphanumeric), the on screen keyboard is extremely cumbersome and time consuming to log in, and as I mentioned in my initial post, almost every non-tech savvy person I have come across with the surface wasn't even aware that there was a 4 digit password option, so they didn't even know to go looking in settings. Some even wanted to switch off the password because they found it so annoying and weren't aware of the easier option.

    If Microsoft want to play in this area of the market and show they are serious, they have to provide a user experience that is comparable to the other devices on the market and most of those walk you through a process of setting up your device which includes the Pin. That's a simple reality of the market. It's something that's easy to change. The competitors invest an incredible amount into usability testing and improvements, and the whole purpose of Windows 10 is about improving usability.
     
    zhenya likes this.
  12. GreyFox7

    GreyFox7 Super Moderator Staff Member

    Joined:
    Jul 27, 2014
    Messages:
    6,331
    Likes Received:
    1,279
    Trophy Points:
    113
    We get it, the bias is dripping. We just don't agree that the default answer for all users is to give them the lowest common denominator solution. Because many will not make any effort to change the default you damn them to the lowest security by default. I believe that even the dumbest user can do better than the lowest common denominator.
     

Share This Page