Hello Reader,

Continuing from yesterday’s entry—where we explored the logs for biometric face-scanning authentication in Windows Hello—today we’re taking a closer look at PIN-based authentication. With a PIN, you can sign in using a simple number sequence instead of a full password.

To test this out, I ensured my PIN was already set up, locked my workstation, and then unlocked it using the PIN. Here’s what I observed in the security logs:

• Event ID 4624: I found two entries related to my sign-in. One of these events is marked as type 11, which indicates:

  CachedInteractive: A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller wasn't contacted to verify the credentials.

• The other was a Type 7: Which indicated that my workstation was unlocked.

Additionally, the logon process is recorded as “Negotiat,” and the authentication package is listed as “Negotiate” as well.

Interestingly, I didn’t come across any specific logs that would clearly indicate a PIN was used. I was hoping to find entries in either the Windows Hello for Business or User Device Registration logs—similar to what we see with biometric logins—but neither those logs nor the biometric logs provided any details related to the PIN-based login.

Next on my list is testing a Windows Hello–approved fingerprint scanner. Stay tuned for more updates on that front!