Windows insisting on a PIN instead of thumbprint

Velvis

Velvis

Well-Known Member
Reaction score
46
Location
Medfield, MA
Client computer is requiring a PIN instead of a thumbprint to login to Windows.
They do not know the PIN.
Is there a way around this?
 
Velvis said:
Client computer is requiring a PIN instead of a thumbprint to login to Windows.
They do not know the PIN.
Is there a way around this?
Click to expand...

Most likely. They've clearly established a PIN, so they absolutely do need to change it after they get in.

If you have multiple login methods set up under Windows 10, and I'd have to guess 11 as well, when you hit the login screen it should look something like this:

1669843439517.png

I believe fingerprint will show as Windows Hello, but I am not certain of that, it may even have a fingerprint icon. The machine I'm on and the machine on which the above screenshot was taken do not have fingerprint readers.

You should be able to activate any of the sign-in options buttons if the one you want is not what you're being asked for at that moment.
 
They dont know the PIN or the password. Regardless of what the choose the lock screen says Your PIN is required to sign in.
If they click on the Other User it says: Your PIN is required to sign in.

They have M365 through Godaddy, and I dont think they use Azure. (I havent been able to get access to an admin account yet).
I have found the bit locker key on the users M365 account but no other info.

Is there any place the password or PIN for the computer can be reset via M365?
 
If they use GoDaddy for 365, and they forgot their password, and their PIN, just have them give GoDaddy a call and have that users 365 password reset. And make sure they jot down that pasword.

The PIN is tied to Windows Hello, and is unique per device, and set on the device. The PIN is not configurable at the 365 account, it's changed locally on the device, unique per device. Once the user knows their 365 password, they can then log into the computer (you'll have a choice to skip the PIN and sign in with a password).....and then they can go to the computers Hello config (sign in options) and although they won't be able to "change" their PIN (because it will require them to type in the old one), they can do the "forgot my PIN" option, or they can remove the PIN...and then create a new one. The "Forgot my PIN" option simply challenges for 365 authentication (and hopefully MFA)..and then it's a quick change after that.
 
YeOldeStonecat said:
If they use GoDaddy for 365, and they forgot their password, and their PIN, just have them give GoDaddy a call and have that users 365 password reset. And make sure they jot down that pasword.

The PIN is tied to Windows Hello, and is unique per device, and set on the device. The PIN is not configurable at the 365 account, it's changed locally on the device, unique per device. Once the user knows their 365 password, they can then log into the computer (you'll have a choice to skip the PIN and sign in with a password).....and then they can go to the computers Hello config (sign in options) and although they won't be able to "change" their PIN (because it will require them to type in the old one), they can do the "forgot my PIN" option, or they can remove the PIN...and then create a new one. The "Forgot my PIN" option simply challenges for 365 authentication (and hopefully MFA)..and then it's a quick change after that.
Click to expand...
She knows her M365 password. (I tested it and was able to login to M365 on my machine.) But it says her M365 password is incorrect when trying to login to windows. I had her check the caps lock and number lock in case that was messing it up.

She has always used her fingerprint and has no idea what the PIN or password is.
 
She needs to know the password for the Microsoft account linked to the Windows user account, and since it's not taking the one for her M365 account that clearly means she has ANOTHER Microsoft Account linked to her Windows account.

What shows on her login screen as far as userid? Very often, it will be the email address for that Microsoft Account if they never bothered setting up the name.

This is yet another reason why I hate any login method that does not require either a PIN or password entry. This ALWAYS eventually happens. Having a PIN or password in "muscle memory" prevents this.
 
britechguy said:
She needs to know the password for the Microsoft account linked to the Windows user account, and since it's not taking the one for her M365 account that clearly means she has ANOTHER Microsoft Account linked to her Windows account.

What shows on her login screen as far as userid? Very often, it will be the email address for that Microsoft Account if they never bothered setting up the name.

This is yet another reason why I hate any login method that does not require either a PIN or password entry. This ALWAYS eventually happens. Having a PIN or password in "muscle memory" prevents this.
Click to expand...
It just shows her first and last name.
 
Velvis said:
She knows her M365 password. (I tested it and was able to login to M365 on my machine.) But it says her M365 password is incorrect when trying to login to windows. I had her check the caps lock and number lock in case that was messing it up.

She has always used her fingerprint and has no idea what the PIN or password is.
Click to expand...

OK, so she may be on a Windows "Home" machine that was logged in with a "personal" Microsoft account, or...could be a Win Pro machine also, that wasn't setup properly for M365...and had the "personal" account added by mistake.

I have both a Microsoft personal account and business account, both use my work email. Don't really use the personal one for anything.
 
YeOldeStonecat said:
OK, so she may be on a Windows "Home" machine that was logged in with a "personal" Microsoft account, or...could be a Win Pro machine also, that wasn't setup properly for M365...and had the "personal" account added by mistake.

I have both a Microsoft personal account and business account, both use my work email. Don't really use the personal one for anything.
Click to expand...
I had her try her password for her personal account and it said incorrect password.

I suppose its possible it was just setup with a local account and she long forgot the password?
 
Velvis said:
I had her try her password for her personal account and it said incorrect password.

I suppose its possible it was just setup with a local account and she long forgot the password?
Click to expand...

Possibly, you could boot up from one of the Password Reset USB thumb drive utilities and reset a local Admin account...and then look for local users. Won't work if the computer is bitlockered.
 
YeOldeStonecat said:
Possibly, you could boot up from one of the Password Reset USB thumb drive utilities and reset a local Admin account...and then look for local users. Won't work if the computer is bitlockered.
Click to expand...
Unfortunately its a remote worker. If I have it shipped to me can I just wipe it completely without knowing the bitlocker key? (obviously, I realize the data will be lost.)
 
Velvis said:
It just shows her first and last name.
Click to expand...

Which means, on top of all else, she's logged in to the Microsoft Account linked to this account and edited the name (unless it's an Outlook.com, Hotmail, etc., address where that's already known). My own example (strategically redacted):

1669923694561.png

You have to edit your name or else your email address appears in the main Windows login screen.

Sadly, and I don't say this lightly or without sympathy, but this is a mess of her own making. For the love of heaven, you MUST keep track of your login credentials - ALL of them.

Does she have no password hint setup? (Probably not, but it never hurts to activate that or Forgot Password, which should throw you somewhere that might help figure out what this is linked to.)

You could, of course, be correct that this is a local account, too.
 
Velvis said:
If I have it shipped to me can I just wipe it completely without knowing the bitlocker key?
Click to expand...

Yes. This has actually been discussed somewhere recently, and I thought it was a topic here. You can completely clean install on a BitLockered drive and it gets the standard wipe of your choosing during the install.
 
Yup, confirm you can nuke and pave a Bitlockered drive....nothing fancy needed. Just blow away any/all partitions and format fresh.

If she's remote, granted it will take some time, but you can create a bootable USB flash drive with your favorite Windows password reset tool on it, send it to her, and try to walk her through it over the phone...booting up from it, etc etc. About the last thing I can think of.
 
In a situation like this, with a MS account BL'd drive you also have to turn off secure boot. Otherwise it'll just prompt you for the BL key each time. Found this out after doing N&P on 20 laptops where the company had no key or account info.
 
Velvis said:
I had her try her password for her personal account and it said incorrect password.

I suppose its possible it was just setup with a local account and she long forgot the password?
Click to expand...
If it really is a local account, have look at Rescatux: https://www.supergrubdisk.org/rescatux/ This is basically a souped-up fork of the old 'chntpassword' hack. I have used it on Win 10 Home using local accounts with success. Nothing ventured....
 
You must log in or register to reply here.

Similar threads

Velvis
Surface Pro 7 forgot PIN
Replies
10
Views
230
frase
frase
Big Jim
any tricks to "tighten up" a loose DC plug
Replies
3
Views
131
ComputerDave
ComputerDave
johnrobert
Dell Inspiron 15 3511 Firmware update
Replies
11
Views
271
GTP
GTP
thecomputerguy
Why is this happening when trying to register new computer with a work or school account?
Replies
9
Views
538
thecomputerguy
thecomputerguy
HCHTech
Fun with Google Business listing
Replies
1
Views
134
ThatPlace928
ThatPlace928
Back
Top