UPDATE:
I found the answer to the "How To?" part of my question on superuser:
- Require Fingerprint AND Password/Pin for Windows Logon
- Is it possible to require a TOTP on Windows Login using existing or custom software?
ORIGINAL QUESTION:
I'm looking to upgrade my home computer security, and I've been thinking about using a biometric scanner. At the time being, fingerprint scanners are the most easily obtainable biometric scanners, and they're also the most convient, which is why I'm considering using them. For the same reason, a TOTP application like Google Authenticator is not exactly what I'm looking for - sure, it's probably even more secure than just a password/fingerprint combination (compared to only having a password), but its impact on usability is too severe for my purposes.
Unfortunately, replacing my password with a biometric scan would actually be a downgrade, since obtaining a fingerprint is significantly easier than obtaining my computer password, which I only use for my computer. A fingerprint, on the other hand, can be found on anything I've touched.
Therefore, I'd like to utilize a 2-factor-authentication that requires both my password and my fingerprint (something I know + something I am). Unfortunately, it appears that Windows Hello doesn't support this natively (not unless you're connected to an Active Directory plus some other magic, that is).
Hence my question: at the time being, is it somehow possible to enable a 2-factor-authentication (using a biometric scan and a password) to log on to Windows 10?
Additionally, are there any password safes available that allow such a 2-factor-authentication?