How to Use Alphanumeric Passwords with Windows Hello
This is yet another documentation-related post. The information surrounding Windows Hello, especially why the use of PIN is recommended, is simply out of context for users who would be actively looking up the answers. On Windows, traditionally speaking, a user would create an account for a Windows machine, then the login details would stay on the local machine. On current version of Windows 11, however, Windows highlights PIN as the new authentication mechanic, calling it more secure than the password.
Before I get into the details of the pretext where PIN is actually safer, you can set a traditional password (i.e. alphanumeric password) with PIN, irregardless of your account being a local one or a Microsoft one. The option to change the PIN can be toggled in the same place as where the PIN setting is in:
On Settings, Accounts > Sign-in options > during add or change Windows Hello PIN, check the box “include letters and symbols”.
The way the word PIN is used is not properly wrapped in context in most documentations I could find. Apparently, PIN is only more secure due to the fact that a user would not use Microsoft account password to login to local devices; one password for service, and a PIN for physical device. Any advantages gained from using PIN is quite meaningless for local accounts that are not using Microsoft accounts.
To put it into Apple ecosystem’s context, Windows PIN is equivalent to device passcodes. The manufacturer is recommending users to set device-specific passcodes, instead of using an online account (in Apple’s case, Apple account), even if the device is linked to the said account. There is no feature to speak of for Apple users; this has been a standard practice for quite some time.
Setting a PIN is required, so far as I could see, to use a facial recognition login. So I would recommend using a strong password ones fit to your “device password” policy. There is no magical benefit of using PIN — it’s not like banks where they still stop a suspicious transfers after a PIN.