No PIN, no Password, just fingerprint reader?

Diggs

So what are you guys doing when you come across a machine that only boots with the fingerprint reader? Got one now that the customer was here to scan his prints. I'll N&P because of remote access scam? What if the customer is unavailable?
 
If you N&P then it's a non-issue, as you'll be setting up everything from scratch.

Prior to that, are you saying that once the machine is up and running and logged in via fingerprint that you cannot do anything in Settings, Accounts, Sign-In Options for that account to actually add a PIN (as but one option)?
 
No, I'm good once logged in but what if you turn on the machine and all that is available is fingerprint? I don't remember any other option than fingerprint on the boot screen. How do you trigger password/PIN entry? (Customer says there isn't one - heh...)

...and since Bitlocker (Device Encryption) is active I'll probably just do a Windows reset removing everything. I have yet to see anything that says that is not as effective from a security standpoint as a full N&P from ISO. It's just that the OEM bloatware is there.
 
If you're doing a N&P whether Bitlocker is active or not is irrelevant. You can always re-enable it if it's not enabled by default (and it probably will be) once the N&P is done.

If you set up a PIN or a password there should be icons on the lock screen that allow you to switch between verification methods. If you like I can go upstairs and fire up my machine that has a fingerprint reader, and where I use it, so that you can see exactly what I'm talking about.

There is always a way to switch between verification methods when multiple ones have been set up.
 
I usually pull and dock drives to image and FABs which of course is an issue with Bitlocker which has been on my mind lately.

And which is relevant if that's what you intend to do now. Bitlocker would need to be turned off first, or at least that's what I'd do.
 
From my understanding you can't set a fingerprint without setting a pin, which requires having a password. It's been a while since I've fingerprint logged into Windows. It should have a Sign in options link below the prompt for the fingerprint, there you can do password/pin.

I had one that was using the facial option, I booted the laptop up and it scanned my face and logged in. I don't think I really looked anywhere similar to the guy. Didn't have to use the password on that one.
 
I'm spooked. The FABs files are not visible on the external drive. Don't know what happened as I checked that they were there afterwards. Unfortunately I've already reset Windows. Time to restore an image (I always image) and go from there. If I restore to an external drive then it's going to be bitlockered(?) and I still can't get at the customer data(?). Hmmm.... (Hate this Bitlocker stuff.....)
 
From my understanding you can't set a fingerprint without setting a pin, which requires having a password.

Agree. PINs are bad enough, just an excuse to forget the password (which you WILL need at some point now or in the future) because you don't get the daily muscle-memory training of inputting it. Now, you can have a fingerprint logon, which causes the PIN to be forgotten, which puts you further away from the darned password (which you WILL need, see above), which you forgot on the next boot after enabling the PIN.

There are some days where I think my primary skill is resetting passwords - by the time 5:00 rolls around, I can't take even one more.
 
There are some days where I think my primary skill is resetting passwords

Which is precisely why I hate, hate, hate anything that "auto enters" passwords. The biggest thing to create lack of password memory is the browser password saving features. I know people who've been using many sites (including their webmail) for years who have no memory whatsoever of their passwords because they haven't actually entered them in years.

When there's a "crash and burn" and they've used no password manager with a cloud vault, or a paper and pencil locked log management method, they're royally screwed.

Passwords need to be entered to get them in muscle memory.

What I find really weird these days about the Microsoft PIN is it need no longer be a PIN (literally). There's the option to allow characters which turns it into, wait, a *password*!
 
I'm spooked.

As I would be. But, I'll reiterate, I would never Fabs a drive with BitLocker still active. If I know I have a BitLockered drive that I wish to extract user data from for later copying back, I ALWAYS turn BitLocker off first. I want to know that what I'm copying off is not going to come back to bite me in the posterior secondary to encryption issues.

I know it's not a problem when you take a system image with imaging software.

But the goal here was to get the user data off, nuke & pave the system, put the user data back.

Any time the word "off" is involved from an encrypted drive I want to be assured that whatever method I'm using unencrypts the stuff either prior to it ever being copied or moved off or during the process of doing so.

Encryption except where needed is a grand PITA and is only getting grander because it's being universally applied and when something with encryption breaks (and we all know it has and does), unless you have backups, you're screwed.
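
Added example (not part of any post in this thread): a PowerShell pre-flight check for the practice described above of turning BitLocker off before pulling user data from a drive. The function name `Test-BitLockerReadyForCopy` and the `E:\keys` folder are assumptions made for illustration; `Get-BitLockerVolume` and `Disable-BitLocker` are the standard BitLocker module cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the customer's machine while still logged in, BEFORE
# docking the drive or running a file-level backup.
# Test-BitLockerReadyForCopy is a hypothetical helper name.

function Test-BitLockerReadyForCopy {
    param(
        # Folder on technician media where recovery info is saved (assumed path)
        [Parameter(Mandatory)] [string] $RecoveryKeyFolder
    )

    New-Item -ItemType Directory -Force -Path $RecoveryKeyFolder | Out-Null

    foreach ($vol in Get-BitLockerVolume) {
        # Save any recovery password protectors first, so an image or a docked
        # drive can still be unlocked if decryption is skipped or interrupted.
        $recovery = $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        if ($recovery) {
            $safeName = $vol.MountPoint -replace '[^A-Za-z0-9]', ''
            $file = Join-Path $RecoveryKeyFolder "$($env:COMPUTERNAME)-$safeName.txt"
            $recovery |
                ForEach-Object { '{0}  {1}' -f $_.KeyProtectorId, $_.RecoveryPassword } |
                Set-Content -Path $file
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus      # e.g. FullyEncrypted, DecryptionInProgress
            ProtectionStatus = $vol.ProtectionStatus  # On / Off (Off can also mean "suspended")
            EncryptedPct     = $vol.EncryptionPercentage
            RecoverySaved    = [bool]$recovery
            # Conservative rule matching the thread: only fully decrypted counts.
            ReadyForCopy     = ($vol.VolumeStatus -eq 'FullyDecrypted')
        }
    }
}

# Usage:
#   Test-BitLockerReadyForCopy -RecoveryKeyFolder 'E:\keys' | Format-Table
# For any volume where ReadyForCopy is False:
#   Disable-BitLocker -MountPoint 'C:'
# then re-run the check until VolumeStatus reports FullyDecrypted.
```

Decryption runs in the background and can take a while on a large drive, so the check is worth repeating rather than assuming `Disable-BitLocker` has finished. The saved recovery file belongs with the customer's records and should be handled like a password.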
 
I ALWAYS turn BitLocker off first.
...and this I should have done. Even the image does not have the customer documents. Macrium stated it was restoring with BitLocker turned off but the documents are not there. They are not there when I browse the image either. I ran FABs twice but bailed on the first try yet found the customer data I need on my little travel drive. FABs had nothing but failure trying to back up Edge which is why I cancelled out of the first effort.
 
So what are you guys doing when you come across a machine that only boots with the fingerprint reader?
Ask them for the PIN or password, and they must exist to use fingerprint as mike said above. So then it's a password recovery situation because they're going to need their MS acct password at some point anyway.
 
As I mentioned, I have a machine that has a fingerprint reader, and here's what you should be seeing when you fire it up.

This is the initial lock/login screen. Note the Sign-in Options link I have highlighted at the bottom. The machine is waiting for a fingerprint scan by default, but you can activate that link:

01_Initial.jpg
Then, if you activate that link, you will see the lock screen change to this. And in this case, the icons for fingerprint, PIN, and Password are reasonably clear without any text:

02_After_Link_Click.jpg
 
So what are you guys doing when you come across a machine that only boots with the fingerprint reader? Got one now that the customer was here to scan his prints. I'll N&P because of remote access scam? What if the customer is unavailable?
Never seen that. You always have the option to drop down to the password or pin. In fact you can’t create a fingerprint without also creating a pin. And if your fingers fail after the third attempt it will prompt for the pin.
 
I have no idea, none, why the same image is repeated twice in that last message and the second image that was supposed to be present just disappeared. But here's what you see after you hit that Sign-in options link:

02_After_Link_Click.jpg
 
I am no longer quite so judgmental regarding the, "No password, no PIN," claims because I keep increasingly finding that, if asked delicately, it comes to light that some "other idiot who feels no obligation to inform the actual owner" has actually set up (I'll stick with Windows here, but the principles apply across platforms) the Microsoft Account, Windows 10 user account linked to it (or not), password, and PIN without ever informing the actual owner that any of these things exist. They then waltz in to see the person they've set all this up for, tell them something along the lines of, "All you'll ever need to do is use the fingerprint reader," get the fingerprint registered, and away they go.

Depending on who that "other idiot" is this practice is somewhere on the scale between complete ignorance and professional malpractice. I just had a client I've seen twice in the last week who has one of the latest Samsung smartphones as well as a Samsung tablet who swore up and down that he didn't have a Google Account. When I showed him that he indeed did have a Google Account, his response was, "Oh, the guy in the store must have set that up for me." It is not the non-tech-savvy client's fault when this kind of lunacy is what happens. The complete lack of informing the actual owner of what's been set up for them, and the passwords for same, and the fact that they need to keep this information in a safe place as they will need it later is metaphorically criminal.

I do have those who I know have to have known this information because they are my longtime clients and I was around during the initial setup, but I don't log my clients' private information with the very, very rarest of exceptions. Just like I don't want the key to everyone's houses, even if I'd never, ever use them, I don't want their passwords, either.

But, yes, you cannot set up biometrics, be it facial recognition or fingerprint, without having a password or PIN (I think both, actually) before that's allowed. But the you setting up the facial rec or fingerprint may have had zero participation in the setup of the account/password/PIN.
 
Do you know if this is a local or MS connected account? If local, boot into an installation USB and get to command line to activate the administrator account. From there you can remove/change the PIN or password.

If it is an MS connected account you would still need to activate and login as the local administrator and delete a folder. I ran into a similar problem a few weeks ago and was shocked that by deleting a folder it removed the user account's PINs (huge security hole, ty MS). If this is the case reply here and I will dig up the folder from my notes so you can try.
 