Typing your password each time you want to sign into Windows can be a hassle, especially if that password is lengthy or otherwise complex. My Windows password is notably long and complex, so it’s not something I’d relish having to type every time.
Instead, Microsoft lets you establish an alternative method of authentication via its Windows Hello technology. You can set up a PIN, a fingerprint scan, a facial scan, or a physical security key, and turn to any or all of those factors to sign into Windows 10 or 11.
You can take Windows Hello a step further by eliminating the password sign-in option on the Windows login screen so that it doesn’t even appear. The main limitation here is that this capability works only with Microsoft accounts, so you can’t use it with a local account or an account with your organization.
But why remove the password sign-in option in the first place? Mostly for security reasons. Not having the password field available could deter someone who steals or otherwise acquires your password and aims to use it to physically log into your PC. However, there are a couple of bumps in the road if you jettison the password sign-in this way. Let’s see how this all plays out.
First, you’ll want to set up your alternative authentication method or methods. In Windows 10 or 11, go to Settings > Accounts > Sign-in options. To use any of the Windows Hello options, you’ll need to first set up a PIN if you haven’t already done so.
Click the option for Windows Hello (PIN) in Windows 10 or PIN (Windows Hello) in Windows 11 and then select Add or Set up. You’ll want to create a numerical PIN with at least four digits. To devise a longer and more complex PIN, check the box for Include letters and numbers and select the link for PIN requirements. Follow the guidelines to cook up the right PIN. When done, click OK (Figure 1).
Now you can set up the other available methods for additional security, notably the biometric ones. If your laptop has a built-in fingerprint scanner or you’ve added a supported USB fingerprint reader to your PC, Windows will indicate that this method is recommended. If you qualify, choose that option and follow the steps to scan your fingerprint (Figure 2).
The same goes for facial recognition. If your laptop has a Windows Hello-compatible webcam or you’ve added a supported camera to your desktop PC, Windows will invite you to set up the facial scan with a Recommended status. Follow the steps to capture and record your smiling face (Figure 3).
Another secure method is a physical security key. Offered by Google, Yubico, and other vendors, these keys connect to your PC via a USB port, Bluetooth, or NFC and require authentication through a PIN or fingerprint scan. The downside is that you’d need to spend some money to buy one of these. And if you use more than one computer, you’d have to keep the key with you. But if you already have a key and want to use it, make sure it’s connected, select the option to sign in with one, and then follow the steps to set it up (Figure 4).
OK, great. You’ve enabled one or more alternative methods to sign into Windows. Go back to the Sign-in options screen under Accounts in Settings. Below the alternative authentication methods is a section for Require Windows Hello Sign-in for Microsoft Accounts. This setting might already be enabled. If not, turn it on.
Now log out of Windows and get to the login screen. Notice that among the different options for signing in, the one for the password is gone. This means no one can else can sign in using your password. But it also means you can’t sign in with your password, so you have to use one of the other methods you set up (Figure 5).
But here’s the problem. If one of the biometric options fails, then you have to fall back to your PIN, which depending on its complexity (or simplicity), may not be as secure as a facial or fingerprint scan or even as secure as a good, healthy password.
To grapple with that issue, I’d suggest setting up multiple authentication methods assuming your PC supports them. So for example, if your camera isn’t working, then you could fall back on your fingerprint scanner. If your fingerprint scanner won’t read your fingerprint, then you can turn to your security key. On my main Windows PC, I have both fingerprint and facial recognition enabled as well as a security key as a backup.
But wait, here’s a second problem. Sign into your PC with one of the passwordless options. Now let’s say you want to connect to that PC from another device via Microsoft Remote Desktop. And to connect, you use a stored account that you’ve used before so you don’t have to enter the password each time. Select the PC at the RDC screen. Instead of connecting, though, you receive an error that Remote Desktop can’t connect to the remote computer. What’s wrong? Well, RDC requires the account password for authentication; it won’t work with a passwordless option (Figure 6).
Here’s how to get around this obstacle. Open the full console for RDC and check the option for Always ask for credentials. Now try connecting to your PC. Enter the password for the remote account when prompted and you should be connected (Figure 7).
As long as the remote PC stays on and is accessible, you can uncheck the option for Always ask for credentials to avoid having to enter your password each time. But if you reboot that remote PC and sign back in with one of the passwordless options, then you’ll have to recheck the option for Always ask for credentials on the guest PC and supply your password to connect.
Of course, depending on your environment, supplying your password each time you use RDC to connect to a remote PC may be advisable for security reasons. But at least now you know the pros and cons of going passwordless in Windows and how to resolve the problems that may arise as a result.