A PIN is an extra sign-in option available in Windows since Windows 8 to protect your account and data while simplifying the sign-in process for touch-based devices at the same time. When enabled, you can sign into your device by entering as short as a 4-digit number without pressing the Enter key. It’s also device-independent, meaning that you can set up different PINs on different devices and they are not related to each other. One being compromised doesn’t affect the others.
To enable and set up a PIN on Windows 10, open Settings app and go to Accounts > Sign-in options, and click Add button to start.
You will be prompted to enter your current Microsoft Account password or Local Signed-in account password to move forward.
By default, it requires a minimum 4-digit number and has no expiration in place. If there is a PIN complexity policy required in place, here is how you can set up.
Open Local Group Policy Edit by typing and entering the following in Win+R run dialog box.
gpedit.msc
Then, navigate to the following location:
Computer Configuration > Administrative Templates > System > PIN Complexity
The available options that you can set up for PIN’s complexity are
- Require digits
- Require lowercase letters
- Require special characters
- Require uppercase letters
- Maximum PIN length
- Minimum PIN length
- Expiration
- History
To set up PIN expiration, double-click the Expiration policy, click Enable radio and put in the period of time in days that a PIN can be used before the system requires you to change it.
That’s about it. Editing settings like this through Group Policy is fairly straightforward and very effective if you are managing a large group.