In this guide, we discuss how to enable or disable the Require lowercase letters setting for Windows Hello PINs on Windows 10. Most modern devices provide some level of credential security, and setting a PIN is one of the most common ways to protect a device.
Even so, knowing how to customize PIN requirements can significantly strengthen security by enforcing complexity rules, such as requiring lowercase letters. This reduces the risk of unauthorized access through easily guessable PINs, a weakness that many IT experts argue adds to the inherent vulnerability of PINs.
This is especially true for highly regulated industries that must comply with several security standards (such as PCI-DSS, GDPR, or HIPAA). For these organizations, enforcing custom PIN requirements ensures that user authentication meets organizational security policies.
How to configure the Windows Hello PIN
Before proceeding, make sure that you have:
- Administrative access: You must be signed in with an account that has administrative privileges.
- Newest Windows 10 version (any edition): The device should be running Windows 10 version 1703 or later. It can be any edition.
- Group Policy Editor availability: The local Group Policy Editor is available in Windows 10 Pro, Enterprise, and Education editions. If you’re using Windows 10 Home, you’ll need to use the Registry Editor method.
When changing the Windows Hello PIN, take note that:
- These configurations apply only to Windows Hello PINs and do not affect traditional password policies.
- Changes to PIN complexity requirements will not retroactively affect existing PINs. Users will need to create a new PIN to comply with the updated policies.
- Implementing Windows Hello PIN complexity requirements is particularly beneficial in enterprise environments.
Method 1: Use the local Group Policy Editor
- Press Windows + R, type gpedit.msc, and press Enter.
- In the left-hand pane, expand Computer Configuration > Administrative Templates > System > PIN Complexity.
- In the right pane, double-click on Require lowercase letters. A new window will open.
- Configure the policy based on your requirements:
  - To enable the requirement: Select Enabled. This setting mandates that users include at least one lowercase letter in their PIN.
  - To disable the requirement: Select Disabled. This prevents users from including lowercase letters in their PIN.
  - To leave the setting unconfigured: Select Not Configured. This allows users to choose whether to include lowercase letters, depending on other Windows Hello PIN complexity settings.
- Click Apply, then OK.
- Close the local Group Policy Editor.
- Open Command Prompt as an administrator.
- Run the command gpupdate /force to apply the new policy settings.
💡 NOTE: These changes will affect new PINs created after the policy is applied. Existing PINs will remain unchanged unless users are prompted to update them.
Method 2: Use Registry Editor
While the first method is the most recommended, you can use the Registry Editor if you are using Windows 10 Home. Take care with this method, though. Changes made to the Registry Editor can cause system instability if done incorrectly. It is strongly recommended that you back up your Registry before proceeding.
- Press Windows + R, type regedit, and press Enter. Click Yes if prompted.
- Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity
If the PINComplexity key does not exist, you’ll need to create it. To do this, right-click on PassportForWork, select New > Key, and name it PINComplexity.
- In the right pane of the PINComplexity key, right-click and select New > DWORD (32-bit) Value.
- Name the new value LowercaseLetters.
- Double-click LowercaseLetters and set its value data:
  - To enable the requirement: Enter 1
  - To disable the requirement: Enter 0
- Close the Registry Editor and restart your computer to apply the changes.
💡 NOTE: As with the Group Policy method, these changes will only affect new PINs created after the policy is created.
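The Method 2 steps can also be scripted. The following PowerShell is an added example, not part of the original guide: it backs up the policy branch, creates the PINComplexity key if it is missing, writes the LowercaseLetters value given above, and reads it back. The function name Set-HelloPinLowercase and the backup folder are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of Method 2 (Registry Editor).
# Set-HelloPinLowercase is a hypothetical helper name, not a built-in cmdlet.
function Set-HelloPinLowercase {
    [CmdletBinding()]
    param(
        # 1 = enable the requirement, 0 = disable it (values as given in the guide)
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value,
        # Assumed backup location; change to suit your environment
        [string]$BackupDir = "$env:ProgramData\PinPolicyBackup"
    )

    $parent = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    $key    = Join-Path $parent 'PINComplexity'
    $name   = 'LowercaseLetters'

    # Back up the existing policy branch before touching it, as the guide advises
    if (Test-Path $parent) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $file  = Join-Path $BackupDir "PassportForWork-$stamp.reg"
        & reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\PassportForWork' $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }
    }

    # Create PINComplexity (and PassportForWork) only when missing.
    # New-Item -Force on an existing key would wipe its other values, hence the guard.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Create or overwrite the DWORD (32-bit) value
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Value -Force | Out-Null

    # Read the value back so the caller can confirm what is now stored
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Key       = $key
        Name      = $name
        Requested = $Value
        Current   = $current
    }
}

# Enable the lowercase-letter requirement, then restart the computer to apply it
Set-HelloPinLowercase -Value 1
```

Run it from an elevated PowerShell session; the returned object shows the requested and stored values side by side, which is useful when checking several machines.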
Troubleshooting Windows Hello PIN complexity
Policy changes not taking effect immediately
This is most likely due to the Group Policy update not yet being enforced. To resolve this, make sure you run gpupdate /force from an elevated Command Prompt to refresh policy settings. If you’re using the Registry Editor, you would need to restart your system for the changes to take effect.
Missing PIN complexity folder in Group Policy
In some cases, administrators may not see the PIN Complexity folder under the expected Group Policy path. This can happen when Windows Hello isn’t fully set up or on editions like Windows 10 Home, where the Group Policy Editor is unavailable. If you’re using a supported edition (Pro, Enterprise, or Education) and still don’t see the folder, make sure you’re running version 1703 or higher.
Registry key doesn’t exist
The PINComplexity registry key does not always exist by default. If this Registry key doesn’t exist, you’ll need to manually create it using the instructions listed above.
Users not prompted to change existing PINs
After enforcing a new lowercase letter PIN requirement, you may expect that the policy will apply to existing PINs. This is not the case. You would need to manually change existing PINs.
FAQs on changing Windows 10 Hello PIN complexity
Does this affect traditional passwords or just PINs?
The settings apply solely to Windows Hello PINs. They have no impact on traditional password policies.
Can Windows PIN be alphanumeric? Can I enforce other PIN complexity rules like uppercase letters or special characters?
Yes, the same PIN complexity section in Group Policy allows you to configure other requirements, such as uppercase letters, special characters, minimum PIN length, and digits. Take note, though, that each requirement is controlled by a separate policy or DWORD value.
Can I prevent users from setting a PIN at all?
Yes, you can disable Windows 10 Hello PIN complexity altogether if your organization prefers alternative authentication methods like passwords. This can be done through Group Policy by disabling Windows Hello for Business. Check out this guide, How to Enable or Disable Domain Users to Sign In with PIN on Windows 10, for more information.
Change PIN complexity in Windows 10
It’s best practice to configure the Windows 10 PIN complexity to align with your organizational policies. This is especially true if you are part of a highly regulated industry, such as healthcare or finance, that requires strict credential management.