
How to enable PIN complexity on Windows 10

Windows 10 includes multiple options to sign in to your account, including the ability to sign in using a PIN. If you have a mobile device, you're probably already familiar with a PIN, which is a secondary form of authentication similar to a password, but with some unique features.

For example, a PIN usually contains only numbers, and it's shorter than a password. In addition, unlike a password, a PIN is only significant to one device, meaning that it doesn't sync across all your devices like when you use a Microsoft account, and it doesn't work over the network.

This is what makes a PIN more secure: if your password is compromised, anyone can access your device (or devices) from virtually anywhere. However, using only two pairs of numbers to create a PIN can also make it easier for anyone with physical access to break into your device.

Thankfully, Windows 10 includes a feature that enables you to create a more complex PIN using special characters and uppercase and lowercase letters to make your account more secure.

In this Windows 10 guide, we'll walk you through the steps to make your PIN more secure by adding complexity to the mix on your computer.

How to configure PIN complexity

On your computer running Windows 10 Pro, you can use the Local Group Policy Editor to quickly set up PIN complexity. Just follow these steps:

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path: Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business > PIN Complexity
  4. On the left side, double-click the policy with the setting you want to configure, including:
    • Require digits: If you enable or do not configure this policy, the operating system will require at least one number when creating a PIN. If you disable this policy, you can use any non-number characters.
    • Require lowercase letters: If you enable or do not configure this policy, the operating system will require at least one lowercase letter when creating a PIN. If you disable this policy, you won't be allowed to use lowercase letters in your PIN.
    • Maximum PIN length: This policy lets you set the maximum number of characters you can use to create a PIN. The maximum limit allowed is 127 characters. The maximum length must be larger than the minimum of 4, or whatever higher number is configured for the Minimum PIN length policy.
    • Minimum PIN length: This policy lets you set the minimum number of characters you can use to create a PIN. The lowest number you can configure is 4. The minimum length can be as large as 127, but must be less than the Maximum PIN length policy.
    • Expiration: Using this policy, you can set the number of days before requiring users to change their PIN. You can set the PIN to expire after anything between 1 and 730 days. If you use the default of 0, the PIN will never expire.
    • History: To increase security, you can use this policy to prevent a user from reusing a specified number of unique PINs. You can configure the operating system to remember 0 to 50 PINs, and if you set it to 0, then the History policy won't be applicable.
    • Require special characters: You can enable this policy to require at least one special character when creating a PIN. If you disable or do not configure the policy, then you won't be able to use special characters in your PIN. These are the special characters you're allowed to use: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
    • Require uppercase letters: If you enable or do not configure this policy, the operating system will require at least one uppercase letter when creating a PIN. If you disable this policy, you won't be allowed to use uppercase letters in your PIN.
  5. On the top-left, make sure to select Enabled or Disabled to configure the policy.
  6. Change the policy options if applicable.
  7. Click Apply.
  8. Click OK to complete the task.
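
Before committing a combination of these settings, it helps to check that the numbers are consistent and to see how much the search space grows. The following is an added example, not code from the article or from Microsoft: it checks a proposed policy against the ranges listed above and counts exactly how many PINs of a given length the policy permits. The dictionary keys, the "allowed"/"required" model and the two sample policies are assumptions made for illustration.

```python
from itertools import combinations
import string

# Ranges stated in the article for each numeric policy setting.
LIMITS = {"min_len": (4, 127), "max_len": (4, 127),
          "expiration_days": (0, 730), "history": (0, 50)}
# string.punctuation is the same 32 special characters the article lists.
CLASSES = {"digits": string.digits, "lowercase": string.ascii_lowercase,
           "uppercase": string.ascii_uppercase, "special": string.punctuation}

def policy_errors(p):
    """Problems with a proposed policy (empty list means it is consistent)."""
    errs = [f"{k} must be between {lo} and {hi}"
            for k, (lo, hi) in LIMITS.items() if not lo <= p[k] <= hi]
    if p["min_len"] >= p["max_len"]:
        errs.append("min_len must be less than max_len")
    if not p["required"] <= p["allowed"]:
        errs.append("a required character class is not allowed")
    return errs

def pin_errors(pin, p):
    """Reasons a candidate PIN would be rejected under policy p."""
    errs = []
    if not p["min_len"] <= len(pin) <= p["max_len"]:
        errs.append("length outside policy range")
    alphabet = "".join(CLASSES[c] for c in p["allowed"])
    if any(ch not in alphabet for ch in pin):
        errs.append("uses a character class the policy does not allow")
    errs += [f"missing required class: {c}" for c in sorted(p["required"])
             if not any(ch in CLASSES[c] for ch in pin)]
    return errs

def pin_count(p, length):
    """Exact number of PINs of this length that satisfy p (inclusion-exclusion)."""
    size = sum(len(CLASSES[c]) for c in p["allowed"])
    req, count = sorted(p["required"]), 0
    for k in range(len(req) + 1):
        for missing in combinations(req, k):
            left = size - sum(len(CLASSES[c]) for c in missing)
            count += (-1) ** k * left ** length
    return count

# Constructed sample policies (hypothetical values, not defaults from the article).
NUMERIC = {"min_len": 4, "max_len": 127, "expiration_days": 0, "history": 0,
           "allowed": {"digits"}, "required": {"digits"}}
COMPLEX = dict(NUMERIC, min_len=8, expiration_days=90, history=5,
               allowed=set(CLASSES), required=set(CLASSES))

if __name__ == "__main__":
    for name, pol in (("numeric", NUMERIC), ("complex", COMPLEX)):
        print(name, policy_errors(pol), f"{pin_count(pol, pol['min_len']):.3e}")
```

Requiring every class removes some candidates from the raw alphabet-to-the-length figure, which is why the count is computed exactly rather than as 94 to the power of the length.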

How to create a complex PIN to sign in to Windows 10

Now that you have configured PIN complexity, you'll need to set up a PIN for your computer, which you can do easily with these instructions:

  1. Open Settings.
  2. Click on Accounts.
  3. Click on Sign-in options.
  4. Under PIN, click the Add button.
  5. Enter your current password to verify that you're who you say you are, and click Sign in.
  6. The Set up a PIN box will appear. Click the PIN requirements link to make sure you create a new PIN that meets the policies in place.
  7. Create your new PIN.
  8. Click OK to complete the task.

To test that everything is working as expected, lock your device (Windows key + L keyboard shortcut), and try to sign in by entering your new PIN.

Wrapping things up

Adding more complexity makes a PIN harder to crack. Even though a PIN now looks more like a password, it's not about the structure, it's about how it works.

If you use your Microsoft account on multiple devices, you'll be using the same password, which someone can steal and get access to all your devices and your account from virtually anywhere. But with PINs you can create a different code for each device you use and keep using the same Microsoft account; if somebody steals your PIN, they can only use it to physically access that specific device, and with PIN complexity your PIN will be even tougher to crack.

It's worth pointing out that PIN complexity is only available on Windows 10 Pro and Enterprise.

What do you think about PIN complexity on Windows 10? Tell us in the comments below.

Mauro Huculak is a technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

27 Comments
  • Thank goodness for fingerprint readers!
  • Fingerprint sensors can be spoofed. Thank gosh (without using god's name in vein) for Windows Hello!
  • What vein will you be using god in?
  • Haha..'in vein'
  • Well Windows hello includes fingerprint, face recognition and iris scanning. All that is part of Windows Hello.
  • So to make a PIN which would include a more symbols one needs to go into all those settings. What the hell is Microsoft doing, they should have enabled complex PINs such as these by default, and not only for Pro and Enterprise users. I had so much headache when I realized that if I don't want to sign in with my Microsoft account password I have to use a combination of numbers. Dafuck were they thinking? I hope that they will change it so anybody can have a PIN with any characters, and without going through all this. By the way, what is that option "Phone sign-in", just above the option "PIN complexity"? If it is what I think it is, that might be really a great feature. Windows Central, thanks for this article, I think this is just what I was asking about a week ago or so. :)
  • I'm pretty sure what they were thinking is that a PIN was supposed to be simpler than a password. You can enable all the extra features in the article, and then you've turned your "PIN" into the exact same thing as a password. The only difference being it's per device, but if you have that level of security requirements there were already better solutions available for you. Also, I want to meet the person who has a 127 character PIN. :)
  • "Use this policy setting to configure use of phone sign-in. Phone sign-in provides the ability for a phone to be usable as a companion device for desktop authentication. Phone sign-in requires that both the PC and the phone are registered with the same Azure AD tenant. Additionally, the phone must be enrolled in Windows Hello for Business."
  • Could you give us the source, please?
  • I clicked it. That's what it says in the description
  • Thanks. :)
  • Nice post WC! Will be doing this for sure.
  • MH nails it each time.
  • Couldn't help but notice the Phone Sign-in right above the PIN Complexity option... Is this already available and if so, how do I configure it?
  • Yeah, I'd want to know that too.
  • Me too, I hope there's an option to enable the Authenticator app to use for logging into a Windows 10 user account. Or it may work with SMS or email verification. I'd love to have these options for my work PC.
  • Or even cooler, have the phone paired with your PC via Bluetooth and once you get close to your computer it unlocks! That would be neat!!! :)
  • That would indeed be awesome! Or to be able to turn on the PC and, once it's up and it finds out you're around, to simply log in, or to be able to do all this but with necessary confirmation on the phone.
  • Windows Hello on SP4 ftw!
  • Didn't even know such a thing existed, thought a PIN is always 4 digits, good to know. Operating systems are complex, one can't really know everything on your own. Articles like this are great. The funny part is people still believe Windows 7 is better than 10, 10 has so many things 7 doesn't have.
  • So then if we use characters....isn't it just a password again.....hmmmm. What about '12345', no-one will ever guess that.....
  • Yeah, technically it's a password, but it is also an independent sign-in compared to other devices. (By default, you use your MS account password, which is the same pass for any MS service you use.)
    The PIN, means if your MS password was compromised and the person responsible had access to your laptop/computer, they wouldn't be able to use said password to get onto the device. The only other way to have an independent password is to instead log in with a local account, instead of your MS account, which also means no integrated MS account services like OneDrive/Photos etc. This PIN, even the complex PIN, is a nice middle ground, between having your integrated MS account on Windows, and also having an independent PIN (or complex PIN/Pass) that isn't tied to the same password on all your MS services.
  • Windows needs an option to lock after a certain number of incorrect tries? How long would it take someone to crack a 4 digit code?
  • I believe Windows Central did an article on how to add a "Certain amount of guesses" onto the sign in to prevent that, and I think it was a recent article
  • Nice tip
  • PIN Complexity policy group is missing on build 17025
  • They changed it, the exact location is: "Computer Configuration\Administrative Templates\System\PIN Complexity"