How To / Windows

What is Windows Hello Secure Sign-in: How to Set Up and Disable

  • Windows Hello is a secure and easy way to access your Windows device.
  • You can use a PIN, security key, or biometric data (facial recognition, fingerprint) to log in to your device with Windows Hello.
  • Windows Hello authentication data is only stored locally on your device and is an authentication method deemed safer when compared to typical passwords.
windows hello secure login

Using strong passwords means longer and more complex strings that are impossible to remember. That’s why a lot of people are reusing the same weak passwords, thus compromising security.

Windows Hello is offered as an alternative by Microsoft, being both simpler to use and safer at the same time. How is that possible? Read on to find out what Windows Hello is, how it works, and how you can set it up on your Windows computer. Don’t like it? I’ll even show you how to disable it.

What is Windows Hello Sign-in?

Windows Hello is a local authentication method for Windows computers that uses your biometric information, a simple and easy-to-remember PIN, or a hardware key to log you in or provide access to compatible services.

Windows Hello is not a password, but a way to provide authentication on a Windows device. This means passwords stored locally are not sent to a server for comparison, so no danger of being intercepted by a third party.

How Secure Is Windows Hello Compared to Normal Passwords

Windows Hello encrypts authentication data on the local device and protects it with a dedicated hardware device, usually a TPM chip built into your CPU or motherboard. This is not always the case, but using a TPM (Trusted Platform Module) is definitely the saver way to store Windows Hello authentication tokens.

Now it starts to make sense for Microsoft to mandate the presence of a TPM chip for Windows 11-compatible devices.

Your Windows Hello data is never stored in the cloud and never sent via the Internet.

Is there a downside? Probably the fact you have to set up Windows Hello on each and every device you’re using. That’s not such a big nuisance if you ask me.

Anyway, the takeaway is that Windows Hello is just as safe as passwords and possibly safer than weak passwords.

It’s even possible to completely get rid of your Microsoft Account password but to be honest, that’s not something I’m personally ready for today.

Windows Hello Sign-in Options

There are multiple authentication options available with Windows Hello:

  • Facial recognition;
  • Fingerprint recognition;
  • PIN code;
  • Security Key.

Not every computer can use all the methods of authentication compatible with Windows Hello. For facial recognition, you would need an infrared webcam, capable of sensing depth. A regular webcam won’t be enough.

Fingerprint authentication requires a fingerprint reader, while for using a secure key you need a physical hardware device, which can be a special card that requires a card reader installed or a USB key that works with pretty much any USB Type-A port.

How to Set Up Windows Hello with a PIN

Each Windows Hello authentication method must be set up individually on each device you plan on using.

I can’t show you how to set up all the Windows Hello authentication methods because I don’t have an IR webcam or a fingerprint sensor on my laptop, but I will show you the easiest method, the PIN code.

Windows Hello PINs can be short numbers made of only 4 characters, similar to a credit card, or you can opt for more complex strings. Both offer similar levels of security, especially when coupled with group policies that prevent brute force attempts, so don’t dismiss them.

1. Open the Windows Settings app by pressing Win + I.

2. Navigate to the following section: Accounts > Sign-in options.

windows settings accounts sign in options

3. On the right side of the window select one of the Ways to sign in compatible with your current device. The This option is currently unavailable text will be displayed next to incompatible methods.

windows 11 settings account sign in options

Expand the PIN (Windows Hello) section for this guide.

4. Next to the Use a PIN to sign in to Windows, apps, and services click on the Set up button.

add windows 11 hello pin

5. You will now be asked to enter your current account password, online or offline.

windows security verifiy account password

6. At this step enter the new PIN you want to use with Windows Hello and confirm the pin. In the default configuration, you will only be able to use numbers. Check the Include letters and symbols if you wish to set a more complex PIN.

windows security set up a pin

7. That’s it: you now have a PIN set up for the current Windows computer.

windows hello pin is all set

Now every time you log in to Windows you will be asked for the Windows Hello PIN, not the account password.

Windows Hello acts as a local passkey that provides access to not only your Microsoft online account where it can be set as a secondary authentication method but other services as well. Windows Hello can even be used as a passkey for your Google account. Windows Hello also works with local Windows accounts, so it’s a pretty versatile authentication method.

8. If you decide to change the PIN you will have to come back to the same section and click on the Change button.

change windows hello pin

You must remember the current PIN, but there’s a way to go around this problem if you forgot the Windows Hello PIN.

windows hello change pin

How to Disable Windows Hello

Let’s say that for some reason you don’t want to use Windows Hello anymore. If that’s the case here are the steps to follow for each of the authentication methods you have enabled (for each of your devices).

1. Open the Settings app once again.

2. Find your way to Accounts > Sign-in options.

3. Expand the Windows Hello methods you want to remove.

4. Click on the Remove button next to Remove this sign-in option.

windows hello remove pin option

5. You will see a warning message at this step.

windows hello remove pin confirmation

If you press the Remove button once again you may be asked for the current account password.

If the remove button is grayed out it can only mean that your organization has chosen no disable the option, mandating the use of that specific Windows Hello method.

And now you know the most important bits about Windows Hello. It wasn’t my intention to make this a comprehensive deep dive into the specifics of the technology. But I do hope I convinced you to give Windows Hello a try.

Avatar for Ionuț-Alexandru Popa
I'm a writer and Editor-in-Chief at BinaryFork. I am passionate about technology, science, space exploration, and movies. I started writing about tech more than 20 years ago, after graduating in Computer Science.
Want to work smarter, not harder? Join our FREE Newsletter
Learn tricks you can use daily to save time. You will also receive a PDF with the essential Windows 11 keyboard shortcuts.
SIGN ME UP!
We want to hear what you have to say:

Your email address will not be published. Required fields are marked *

Our readers appreciate heated debates, as long as they remain polite, so they ask for your respect, even if you don't completely agree with them. Thanks!

The written content on our website is available free of charge because of the ads we're showing. Please support our efforts and deactivate your AdBlocker when you visit our site. Thank you!
Join our FREE Newsletter and learn computer tips you can use to do things faster
Every subscriber receives a PDF with the essential Windows 11 keyboard shortcuts.
I WANT TO JOIN!