Why PINs might actually be better than passwords
I see a lot of comments asking how a PIN is better than a password. Well, it is quite different to a password. The PIN is tied to the hardware and so cannot be stolen from a compromised server or read from an untrusted network connection, since it is never transmitted.
They are a bit like a passphrase on a key file that you then use to log on to a server. This PIN is tied to that specific hardware, so it is useless to a remote attacker. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password
For a local attacker who has the hardware, they need to crack into the TPM, YubiKey etc. I think it is probably easier to try to read and crack a password hash from the disk than to break into the TPM.
Personally I don't like the way they handle FIDO2 keys - as soon as you plug the key in, everything is open. Users will just walk away to the loo leaving the key in, so anyone can just log in. Again, this is only an issue for people in the same room, but it's still a big one IMO.
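An added toy model of the argument in the post above (example code, not the author's and not how Windows Hello or a TPM is implemented): the PIN only unlocks a private key held inside a simulated device, the server stores just the public key and checks a challenge-response, and repeated wrong PINs lock the device. The 127-bit group, the PBKDF2 cost and the five-try lockout are illustrative assumptions, not production parameters.

```python
"""Hardware-bound PIN, modelled: the PIN never crosses the network and the
server database holds only a public key. Toy group (prime 2**127-1, assumed
for illustration); far too small for real use."""
import hashlib
import hmac
import os
import secrets

P = 2**127 - 1   # Mersenne prime used as a toy modulus
G = 3            # fixed base element of the multiplicative group mod P
PBKDF2_ROUNDS = 100_000


def _challenge_hash(nonce: bytes, commitment: int) -> int:
    # Fiat-Shamir style challenge binding the server nonce to the commitment
    return int.from_bytes(hashlib.sha256(nonce + commitment.to_bytes(16, "big")).digest(), "big")


class Device:
    """Stands in for a TPM or security key: holds the key, enforces a PIN lockout."""
    MAX_TRIES = 5  # assumed lockout threshold

    def __init__(self, pin: str):
        self._x = secrets.randbelow(P - 1) + 1      # private scalar, never exported
        self.public = pow(G, self._x, P)            # the only thing the server ever sees
        self._salt = os.urandom(16)
        self._pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, PBKDF2_ROUNDS)
        self.tries_left = self.MAX_TRIES

    def sign_challenge(self, pin: str, nonce: bytes) -> tuple[int, int]:
        """Only a correct PIN, presented locally, releases a response."""
        if self.tries_left == 0:
            raise PermissionError("device locked")
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, self._pin_hash):
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = self.MAX_TRIES
        r = secrets.randbelow(P - 1) + 1
        commitment = pow(G, r, P)
        s = (r + _challenge_hash(nonce, commitment) * self._x) % (P - 1)
        return commitment, s


class Server:
    """Stores public keys only: a dump of this database yields nothing replayable."""
    def __init__(self):
        self.users: dict[str, int] = {}

    def enroll(self, name: str, public: int) -> None:
        self.users[name] = public

    def challenge(self) -> bytes:
        return os.urandom(32)

    def verify(self, name: str, nonce: bytes, commitment: int, s: int) -> bool:
        c = _challenge_hash(nonce, commitment)
        return pow(G, s, P) == (commitment * pow(self.users[name], c, P)) % P


def login(server: Server, device: Device, name: str, pin: str) -> bool:
    nonce = server.challenge()                     # on the wire: nonce, commitment,
    commitment, s = device.sign_challenge(pin, nonce)   # response; never the PIN
    return server.verify(name, nonce, commitment, s)
```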