In this registry workshop, learn how to enable PIN expiration in Windows 10. With this, you can force users to change their PIN in 1 to 730 days range.

Earlier, we’ve shared you following article which talks about configuring password expiration:

How to configure password expiration in Windows 10

Now, in this article we’ll see how to configure PIN expiration. Basically, PIN expiration is part of PIN complexity. However, in some of earlier Windows 10 versions, PIN expiration wasn’t available. But Microsoft added the PIN expiration to complexity in newer version. The advantage of this is that you can set number of days in which PIN expires or users should change it. When PIN expiration is configured, and if PIN is expired, users will see Your organization requires that you change your PIN message.

How To Configure PIN Expiration In Windows 10

PIN expiration in Windows 10 is disabled by default. You can enable it using below mentioned steps.

How To Enable PIN Expiration In Windows 10

Registry Disclaimer: The further steps will involve registry manipulation. Making mistakes while manipulating registry could affect your system adversely. So be careful while editing registry entries and create a System Restore point first.

1. Press W8K + R and type regedit in Run dialog box to open Registry Editor (if you’re not familiar with Registry Editor, then click here). Click OK.

Windows 10 Registry Editor

2. In left pane of Registry Editor window, navigate to following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

How To Configure PIN Expiration In Windows 10

3. Right click Microsoft registry key, select New > Key. Name the newly created sub-key as PassportForWork. Similarly create PINComplexity registry sub-key next to Microsoft registry key. If these registry keys already exists, skip creation of new keys. Now in the right pane of PINComplexity registry key (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity), right click and select New > DWORD Value. Name the newly created registry string (REG_DWORD) as Expiration. Double click on the string to modify its Value data:

How To Configure PIN Expiration In Windows 10

4. Set the Decimal base first and then type any Value data between 1 to 730 which would be number of days after which PIN will be expired. In this example, we put 60 as Value data, so the PIN will expire within 60 days. Click OK, close Registry Editor and reboot to make changes effective.

Group Policy Setting: If you want to enable PIN expiration on multiple machines in your organization/workplace, you can deploy the relevant GPO setting. Configure Expiration policy setting at Computer configuration > Administrative templates > System > PIN Complexity to Enabled. You can then set number of days between 1 to 730 in Options.

That’s it!

Share this post on Facebook · Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Comments

  • Kapil Arya : ^^ Please collect the logs and create a new thread at Microsoft Commun...

    18 hours ago

  • Kapil Arya : ^^ As you've already backup-ed your documents, you can perform clean i...

    18 hours ago

  • Kapil Arya : ^^ Please try repairing the boot records, see if that helps you: https...

    18 hours ago

  • Charlie : I’ve tried all the options and I don’t have a healthy PC running the s...

    1 day ago

  • Alex777 : I can not Start safe mode.. and scannow doesnt work Receiver sYstem ...

    1 day ago