In our efforts to create a secure computing environment, we have previously discussed enabling and configuring the PIN Complexity Group Policy. In this post, we will explore how to specify the minimum and maximum PIN lengths.
What is PIN or Personal Identification Number?
The PIN (Personal Identification Number) is the newest security feature available with Windows 11/10, aimed at protecting data related to a user account. If you enable Windows Hello PIN protection, you can enter the PIN instead of the actual password.
The advantage is that Hello PIN is tied to the specific device in which it was set up – even if someone manages to obtain your Microsoft account and password, they’ll still need to be physically in possession of your device to gain access to your data. A PIN is not the equivalent of a Microsoft account password that can be used on any device and any network – it’s truly local and won’t be transmitted to Microsoft’s servers for verification.
Another advantage of the Hello PIN is accessibility. Unlike a password, a PIN will not require you to hit the Enter key to register it. Since it’s just a short 4 digit number, Windows will log you in as soon as you enter the correct PIN.
In addition to TPM hardware support, you will also be protected against brute-force attacks – after too many incorrect guesses, the device will be temporarily locked.
How to specify Minimum and Maximum PIN length in Windows 11
You can specify Minimum and Maximum PIN length using Local Group Policy Editor. For Windows 11/10 Home users, the Local Group Policy Editor is not native to the edition. You’ll need to add the feature and then follow the instructions outlined below just like you would on Windows 11/10 Pro.
To specify Minimum and Maximum PIN length using Local Group Policy Editor in Windows 11/10, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box type
gpedit.mscand hit Enter to open Group Policy Editor. - Inside the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer Configuration > Administrative Templates > System > PIN Complexity
To specify the Minimum PIN length, do the following:
- On the right pane, double-click on Minimum PIN length to edit its properties.
- In the Minimum PIN length window, select the radio button for Enabled.
- Next, move to the box below and set the Minimum PIN length to a value between 4 and 127
- either by using the drop-down menu or by typing the value.
If you set it to 7, you will then be able to create a longer pin (up to 7 digits).
- Click Apply > OK.
To specify the Maximum PIN length, do the following:
- Double-click on Maximum PIN length from the same right pane.
- In the Maximum PIN length window, select the radio button for Enabled.
- Next, move to the box below and set the Maximum PIN length to a value between 4 and 127 either by using the drop-down menu or by typing the value.
- Click Apply > OK.
Now that the maximum and minimum length have been modified, you can customize the PIN creation rules even further if you want. If you take a look at the right pane, you have other policies that can be enforced. You can allow the use of special characters, require uppercase or lowercase letters, or even add an expiration date to the PIN.
That’s it!
Read: Windows Hello PIN Remove button greyed out in Windows 11
How do I set a 4 digit PIN in Windows 11?
To set a PIN in Windows 11, you need to go to Accounts > Sign-in options. Then, click on PIN (Windows Hello) and set a PIN for your account. Once done, you will have to enter the PIN every time you log into your PC.
Related post: Specify Minimum Length for BitLocker Startup PIN in Windows.
