This tutorial will show you how to change minimum Windows Hello PIN length requirements for all local and Microsoft accounts on a Windows 10 or Windows 11 PC.
Windows Hello PIN is safer than a password. The PIN is bound to the device so hackers cannot steal it and sign-in to your account from a remote device. A Windows Hello PIN can be complex and use a combination of letters, numbers, and special characters. A Windows Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Windows doesn't link local passwords to the TPM, therefore PINs are considered more secure than local passwords.
Users Windows Hello PIN requires at least four characters by default.
Minimum PIN length configures the minimum number of characters required for the PIN. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
If you change the minimum PIN length, users will be required to change their PIN to meet the new PIN complexity requirements if not already met.
References:
Windows Hello for Business policy settings
Configure Windows Hello - Microsoft Support
support.microsoft.com
You must be signed in as an administrator to change the minimum Windows Hello PIN length.
- Option One: Change Minimum Windows Hello PIN Length in Local Group Policy Editor
- Option Two: Change Minimum Windows Hello PIN Length in Registry Editor
EXAMPLE: Default Windows Hello PIN complexity requirements
The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.
All editions can use Option Two below.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below step 3)
3 In the right pane of PIN Complexity, double click/tap on the Minimum PIN length policy to edit it. (see screenshot below)
4 Do step 5 (change) or step 6 (default) below for what you would like to do.
The Minimum PIN length must be lower than the Maximum PIN length.
This is the default setting.
7 Close the Local Group Policy Editor.
8 Restart the computer to apply.
1 Open Registry Editor (regedit.exe).
2 Do step 3 (change) or step 4 (default) below for what you would like to do.
If you do not have the PassportForWork key, then right click or press and hold on the Microsoft key, click/tap on New, click/tap on Key, type PassportForWork, and press Enter.
If you do not have the PINComplexity key, then right click or press and hold on the PassportForWork key, click/tap on New, click/tap on Key, type PINComplexity, and press Enter.
If you do not have a Expiration DWORD, then right click or press and hold on an empty area in the right pane of the PINComplexity key, click/tap on New, click/tap on DWORD (32-bit) Value, type MinimumPINLength, and press Enter.
The MinimumPINLength must be lower than the MaximumPINLength.
This is the default setting.
5 Close Registry Editor.
6 Restart the computer to apply.
That's it,
Shawn Brink
