Overview#Windows Hello is a marketing term used for implementations of the Windows Credential Provider functionality.
Windows Hello allows passwords to be transmitted to Domain Controller, PINs are not. They are tied to one device, and if compromised, only one device is affected. Backed by a Trusted Platform Module (TPM) chip, Microsoft Windows uses PINs to create strong Asymmetric Key pairs which causes the much-simpler Windows PINs to be resilient to brute-force attacks.Microsoft Windows Multi-Factor Authentication was provided by two components: Windows Hello and Microsoft Passport (not to be confused with the Passport platform of 1998) Microsoft Passport was merged into Windows Hello.
Windows Hello For Business#Windows Hello For Business is the enterprise version of Windows Hello. The differences are not clearly defined at least by Ldapwikis observation but we found this:
Windows Hello for Business, which is configured by Group Policy Object or Mobile Device Management (MDM) policy, always uses Asymmetric Key Cryptography or certificate-based authentication. This makes it much more secure than Windows Hello convenience PIN.
So Ldapwiki assumes this implies the PIN based auth is not available in Windows Hello For Business as PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, but can use a simple password hash depending on an individual's account type. This configuration is referred to as Windows Hello convenience PIN and it is not backed by Asymmetric Key Cryptography or certificate-based authentication.
More Information#There might be more information for this subject on one of the following:
- [#1] - How to go beyond passwords in Windows 10 - based on information obtained 2020-01-06
- [#2] - Passwordless Web Authentication Support via Windows Hello - based on information obtained 2020-01-06
- [#3] - Windows 10 System Security - based on information obtained 2020-01-06
- [#4] - The difference between Windows Hello and Windows Hello for Business - based on information obtained 2020-01-07