Jump to content
Enpass Discussion Forum

Is it Windows Hello safe?


Recommended Posts

  • 1 month later...

I would like to add a warning about windows hello setup. The link you proviced mentioned that Window Hello uses TPM to securely store key values. On older devices without tpm, that is not the case. When you enable windows hello, you are required to create a pin. If you have a Windows computer without TPM, the PIN value are stored in a secure location. The problem is that many of these machine probably also do not have disk encryption. You can buy an utility to bruteforce your pin.


I believe Enpass smartly forces you to enter the master password on startup if you don't have a TPM, so fortunately hacking the PIN will not allow them into the vault, but it would allow them to acquire the PIN to login.

There are two things you can do to mitigate.

1. Encrypt your drive, which should prevent access to the secure element.

2. Make a really long pin simialar to a good password using letter, numbers, and special characters. Most people don't know that you can use keys other than numbers. If you are using fingerprint, you would not need to enter the pin often.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...