A PIN is an additional security feature available in Windows 10 and Windows 8.1 to protect your user account and all the sensitive data inside it. When enabled, it can be entered instead of the password. Unlike a password, a PIN does not require the user to press the Enter key to sign in and it can be a short 4 digit number. Once you enter the correct PIN, you will be signed in to your Windows 10 account immediately. You can specify the number of days that a PIN can be used before the user will be asked to change it. Here is how it can be done.
The main difference between a PIN and a password is the device on which they can be used.
- While you can use your password to sign in to your Microsoft account from any device and any network, a PIN can only be used with one device where you created it. Think of it as a password for a local (non-Microsoft) account.
- When you are signing in with a password on a device which is online, it is transmitted to Microsoft's servers for verification. A PIN won't be sent anywhere and truly acts like a local password stored on your PC.
- If your device comes with a TPM module, the PIN will be protected and encrypted additionally thanks to the TPM hardware support. For example, it will protect against PIN brute-force attacks. After too many incorrect guesses, the device will become locked.
However, a PIN does not replace the password. To set up a PIN, it is necessary to have a password set for your user account.
Note: If you need to start the computer in Safe Mode, the PIN does not work.
Before proceeding, ensure that your user account has administrative privileges. Now, follow the instructions below.
To enable or disable PIN Expiration in Windows 10, do the following.
- Open the Registry Editor app.
- Go to the following Registry key.
See how to go to a Registry key with one click.
Note: If you don't have such a key in the Registry, just create it. In my case, I had to create the PassportForWork key, and then the PINComplexity key.
- To enable the PIN Expiration feature, create a new 32-Bit DWORD value Expiration on the right. Set it to to the desired value in decimals. The value data can be between 1 and 730 and stores the number of days after which the PIN will expire.
Note: Even if you are running 64-bit Windows you must still create a 32-bit DWORD value.
- To disable the PIN Expiration feature, delete the Expiration value. This is the default setting.
- Restart Windows 10.
Enable or Disable PIN Expiration in Windows 10 with Local Group Policy Editor
If you are running Windows 10 Pro, Enterprise, or Education edition, you can use the Local Group Policy Editor app to configure the options mentioned above with a GUI.
- Press Win + R keys together on your keyboard and type:
- Group Policy Editor will open. Go to Computer Configuration\Administrative Templates\System\PIN Complexity. Configure the Expiration option and you are done.