In an earlier post, we covered how to enable & configure PIN Complexity Group Policy. In this post, we will show you the simple way you can easily specify minimum and maximum PIN length in Windows 11/10.
Before we jump right into it, a bit of background.
The PIN (Personal Identification Number) is the newest security feature available with Windows 10 and Windows 8.1 aimed at protecting data related to a user account. If you enable Windows Hello PIN protection, you can enter the PIN instead of the actual password.
The advantage is that Hello PIN is tied to the specific device in which it was set up – even if someone manages to obtain your Microsoft account and password, they’ll still need to be physically in possession of your device to gain access to your data. A PIN is not the equivalent of a Microsoft account password that can be used on any device and any network – it’s truly local and won’t be transmitted to Microsoft’s servers for verification.
Another advantage of the Hello PIN is accessibility. Unlike a password, a PIN will not require you to hit the Enter key to register it. Since it’s just a short 4 digit number, Windows will log you in as soon as you enter the correct PIN.
In addition to TPM hardware support, you will also be protected against brute-force attacks – after too many incorrect guesses, the device will be temporarily locked.
How to specify Minimum and Maximum PIN length
You can specify Minimum and Maximum PIN length in Windows 10 using Local Group Policy Editor. For Windows 11/10 Home users, the Local Group Policy Editor is not native to the edition. You’ll need to add the feature then carry out the instructions as outlined below just like you would on Windows 11/10 Pro.
To specify Minimum and Maximum PIN length using Local Group Policy Editor in Windows 10, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box type
gpedit.mscand hit Enter to open Group Policy Editor.
- Inside the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer Configuration > Administrative Templates > System > PIN Complexity
To specify the Minimum PIN length, do the following:
- On the right pane, double-click on Minimum PIN length to edit its properties.
- In the Minimum PIN length window, select the radio button for Enabled.
- Next, move to the box below and set the Minimum PIN length to a value between 4 and 127
- either by using the drop-down menu or by typing the value.
If you set it to 7, you will then be able to create a longer pin (up to 7 digits).
- Click Apply > OK.
To specify the Maximum PIN length, do the following:
- Double-click on Maximum PIN length from the same right pane.
- In the Maximum PIN length window, select the radio button for Enabled.
- Next, move to the box below and set the Maximum PIN length to a value between 4 and 127 either by using the drop-down menu or by typing the value.
- Click Apply > OK.
Now that the maximum and minimum length have been modified, you can customize the PIN creation rules even further if you want. If you take a look at the right pane, you have other policies that can be enforced. You can allow the use of special characters, require uppercase or lowercase letters or even add an expiration date to the PIN.
Related post: Specify Minimum Length for BitLocker Startup PIN in Windows.