Here I go, headfirst into a big task. Any guidance will be appreciated by me and others. Feel free to make this a separate topic for those in migration.
Starting to like mSecure. I just finished deleting all my Password Plus records from their server and now you own me. Wish you had two tier authentication available. If I give my PC password or pin to the guy repairing my PC, he will also have access to my password database. Not good.
Good point, but if you turn off Use Windows Hello to secure your data option in Security then you cannot login to mSecure with your Windows PIN. The challenge is remembering to do that before passing it to IT repair guy.
@JSeow If it wasn't you saying this, I would immediately say this isn't possible =) I'm not aware it is possible to set two different PINs when using Windows Hello, but I've never had to look into it before. Are you saying there is a way to set app-specific PINs in Windows Hello? The only way to open mSecure with a password that is not the account password is to use Windows Hello, so if it's not possible to create app-specific PINs in Windows Hello, @Brent would need to follow @David's advice and remember to turn off Windows Hello unlock before taking in his PC into a computer tech.
OK, I have always turned off that feature in mSecure to "Use Windows Hello to secure your data". And so I have had to key in the mSecure password every time I use it and I just meant that I could set one pin for Windows and another password (which could be just a different pin) for mSecure. From a security perspective, this setting is a potential loophole and I don't think anyone would remember to turn off Use Windows Hello to secure your data before passing your computer to the IT guy.
@JSeow Ok, I'm understanding what you're saying now, and it's what I thought you meant. However, my main computer is a Mac, so I'm always thinking there may be important features I might be missing for Windows. When you mentioned not having to have the same PINs, I thought there might be a feature in Windows Hello I wasn't aware of. I agree with you that if you're needing others to use your computer frequently that using Windows Hello for unlocking mSecure is not a good idea.
I looked into seeing if you can disable the PIN for Windows Hello and only use face recognition, but that isn't possible. Come to think of it, regardless of what type of device you use, this situation @Brent brought up is always going to pose a problem. You're either going to have to give them your computer password, if you aren't using biometrics, or you're going to have to give them your PIN (for Windows Hello) if you don't want to give them the computer's password. Giving them the computer password may be worse, but a decision will always have to be made. For Mac/iOS, there is no alternate PIN for unlocking 3rd party apps with Touch/Face ID so your have one less option to worry about, but you still have to either give the technician your device password or you have to remove the setting to lock the device before you take it in for work. You could also change the device password to something different just while it's being worked on, but in the end, you still have to remember to do something before you give the device to someone else. I guess the one nice thing about Mac/iOS is that you don't ever have to worry about your data in mSecure, because if you're using Touch/Face ID for biometric unlock, then whoever has access to your computer can never get into mSecure (if they don't figure out your mSecure password). The way Microsoft has implemented Windows Hello, there's just no way to keep that feature active to unlock mSecure and also keep someone out of your information if you have to give them your Windows Hello PIN.
Just a thought, but on Windows you could install mSecure on a second user account instead of your primary one. This second user account could use a more robust Windows Hello PIN with characters and symbols turned on, and with mSecure set to use Windows Hello to secure the data. The way to transfer usernames, login passwords, etc would be through something like Google Keep or some such means, from the second account to the primary one as and when they are needed and deleting them immediately after use.
This is workable, though a little unwieldy, not to mention how secure Google Keep would be. You can then safely ship your PC to your IT guy with no concerns.