By default, a PIN consists of numeric characters only and can be between 4 and 127 characters long. However, this can be changed to keep the quick sign-in option while increasing the security of your computer.

How to configure Windows Hello PIN

Before we begin to manage the characteristics of the PIN, let us show you how you can create a sign-in PIN for your account on Windows 10. Users often prefer creating this right after a fresh installation, as it is more convenient to sign in to their accounts. Plus, a PIN is much easier to remember.

Follow the steps below to configure a PIN sign-on:

You have now successfully configured the Windows PIN Sign-on. If at any point you want to change or remove the PIN, simply navigate back to the Sign-in Options page and click on either option.

How to manage Windows Hello PIN

When configuring the Windows Hello PIN in Windows 10, a user is presented with minimal options to change. The only choices are the length of the PIN and whether to make it alphanumeric. However, using the Group Policy Editor in Windows 10, you can change the requirements that a PIN must meet. Windows 10 Home edition users will need to download and install the Group Policy Editor, as gpedit.msc is not available by default.

There are several options you can configure from the Group Policy Editor to manage your PIN requirements. Continue reading to learn more about how you can do so.

First, open the Group Policy Editor by typing in gpedit.msc in Run, then navigate to the following from the left pane:

Computer Configuration -> Administrative Templates -> System -> PIN Complexity

You are then presented with a number of options to configure. Let's cover each option one by one so you understand what they are used for and how to configure them.

Require digits

Enabling this option makes it mandatory for the user to use at least one digit in the PIN. Previously, by checking the box next to Include letters and symbols, users could create a PIN made up entirely of letters. A sysadmin can make sure users insert a number into their PIN to make it more secure.

Require lowercase letters

As the title suggests, this option ensures that there is at least one lowercase letter in the PIN that is created. You can enable this by following the exact guide given above for Require digits.

Maximum PIN length

By enabling this option, you can set the maximum number of characters that a user can use in a PIN. However, the value must be between 4 and 127, as permitted by Windows. Entering a number below 4 produces an error, as does entering a number above 127.

Minimum PIN length

This option sets the minimum number of characters users must use when setting their PIN. Setting this to a number greater than 4 would increase the security of the PIN by making it more complex.

Expiration

By enabling the Expiration option, the administrator can set how long a PIN lasts. Any configured PIN will expire after the given number of days, and the user will then be prompted to create a new PIN. The value can be set in days, from 0 to 730 (2 years). By default, the value is 0, which means that the PIN never expires.

History

The History option, when enabled, does not allow the user to reuse a set number of their most recent PINs. In other words, a user cannot use their old PIN again as their new PIN. The number of unusable past PINs can be configured from 1 to 50.

Require special characters

By enabling this option, users can be permitted to use special characters in their PINs. This makes the PIN more secure by increasing its complexity. Here is a list of the special characters that are allowed: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Require uppercase letters

Similar to Require lowercase letters, you can also configure user PINs to have uppercase letters as well. This will also increase the complexity of the PINs created.

Closing words

Using these options from the Group Policy Editor individually might not be as effective as using them in combination. For example, by making it mandatory for a PIN to have both uppercase and lowercase letters, as well as special characters and digits, the PIN would become really complex to decode through social engineering. However, a PIN should not be so complex that it cannot be differentiated from a regular password, as the main purpose of the Windows Hello PIN is to make it easier for people to log in to their accounts.
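To see how combining the settings above changes the outcome, here is an added Python example (not code from the original article or from Windows). It models the PIN Complexity options with hypothetical names (`PinPolicy`, `policy_errors`, `pin_violations`, `shortest_pin_count`), applies the ranges stated above, and counts the shortest PINs that satisfy a policy using only the required character classes. It assumes that a History value of 0 means the option is off.

```python
import math
import string
from dataclasses import dataclass
from itertools import combinations

SPECIAL = string.punctuation  # same 32 characters as the list in the article

@dataclass
class PinPolicy:  # hypothetical model of the PIN Complexity settings
    min_length: int = 4
    max_length: int = 127
    digits: bool = True
    lowercase: bool = False
    uppercase: bool = False
    special: bool = False
    expiration_days: int = 0  # 0 = never expires
    history: int = 0          # assumption: 0 = History not enabled

    def classes(self):
        pairs = [(self.digits, string.digits), (self.lowercase, string.ascii_lowercase),
                 (self.uppercase, string.ascii_uppercase), (self.special, SPECIAL)]
        return [chars for required, chars in pairs if required]

def policy_errors(p):
    """Range checks using the limits stated in the article."""
    errs = []
    if not 4 <= p.min_length <= p.max_length <= 127:
        errs.append("lengths must satisfy 4 <= min <= max <= 127")
    if not 0 <= p.expiration_days <= 730:
        errs.append("expiration must be 0-730 days")
    if not 0 <= p.history <= 50:
        errs.append("history must be 0 (off) or 1-50")
    return errs

def pin_violations(pin, p, previous=()):
    """Reasons a candidate PIN is rejected; an empty list means accepted."""
    out = [] if p.min_length <= len(pin) <= p.max_length else ["length"]
    out += [f"missing one of {c[:3]}..." for c in p.classes() if not set(pin) & set(c)]
    if p.history and pin in list(previous)[-p.history:]:
        out.append("reused")
    return out

def shortest_pin_count(p):
    """Number of minimum-length PINs built only from the required classes with
    at least one character of each class (inclusion-exclusion over classes)."""
    cls, n = p.classes(), p.min_length
    total = sum(len(c) for c in cls)
    return sum((-1) ** k * (total - sum(len(c) for c in drop)) ** n
               for k in range(len(cls) + 1) for drop in combinations(cls, k))

if __name__ == "__main__":
    for pol in (PinPolicy(), PinPolicy(min_length=6, lowercase=True, special=True)):
        print(policy_errors(pol), round(math.log2(shortest_pin_count(pol)), 1), "bits")
```

The count is a lower bound on what the policy allows, since users may also use characters from classes that are not required.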