Why does one have to hit enter after typing one's Windows password to log in, while it's not to hit enter after typing one's PIN?

image

I've noticed that on Windows 10, one has to hit enter after typing one's Windows password to log in, while it's not to hit enter after typing one's PIN. Is there a security reason to it?

Typing one's Windows PIN to log in:



Typing one's Windows password to log in:



It’s a simple matter of usability.

For PINs with a fixed length, such as 4-digits, the PIN is automatically submitted when it reaches said set length.

Your system doesn’t know your password’s length, however, so it’s up to you to manually submit it (with enter or similar).

I cannot say this with certainty, but way back when I wondered this myself, the answer seems to have been that the threat model is different:

The PIN is only, ever, accepted on a local hardware login (and only if you enable it). It is designed as a convenience feature.

The password entry method is the default, "secure", method and it works consistently across both local and remote (RDP) logins and consistently requires ack of the PW via enter.

A fuller answer on the PIN thing can be found here: https://security.stackexchange.com/a/96835/3785

Ask AI
#1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15 #16 #17 #18 #19 #20 #21 #22 #23 #24 #25 #26 #27 #28 #29 #30 #31 #32 #33 #34 #35 #36 #37 #38 #39 #40 #41 #42 #43 #44 #45 #46 #47 #48 #49 #50 #51 #52 #53 #54 #55 #56 #57 #58 #59 #60 #61 #62 #63 #64 #65 #66 #67 #68 #69 #70