Unlike with Face ID or Fingerprint, there may be times you need to change or reset your PIN. You may have forgotten your PIN or just want to change your PIN for security reasons. In this article, we have mentioned ways to reset or change the PIN in Windows. We have also included the fixes for issues that stop you from changing or resetting the PIN.
How to Change PIN
You can change your PIN from the Settings App using the following instructions:
How to Reset PIN
Windows Hello also allows resetting your PIN in case you forget it. Please remember that you need to pass two authentication steps to reset your PIN. There are two ways to reset the PIN: Destructive and Non-destructive. The Destructive PIN Reset removes any credentials added to the Windows Hello container and assigns you a new PIN. The Non-Destructive PIN Reset protects all those credentials but changes the PIN associated with them. You need to enable PIN recovery mode for non-destructive reset. Other than that, all the steps are the same. Below, we have mentioned the methods you can use for both types of reset.
Destructive PIN Reset
Here are the methods to execute a destructive PIN reset in Windows:
Reset From Settings
The normal way to reset your PIN after you’ve logged in to your system is through the settings. Please follow the directions below:
Reset From Lock Screen
It is also possible to reset your PIN from the lock screen if you can’t log in. To do so, select I forgot my PIN from the lock screen and follow the on-screen instructions.
Delete Ngc Folder
Ngc is the folder where Windows stores all PIN-related settings. It is possible to remove your PIN by deleting the folder. Then, you can add a new PIN from the Account Settings. You must have ownership of the folder before deleting its contents. Follow the steps below to take ownership of the Ngc folder and remove its contents: Now, you can go to Settings Accounts>Sign in options>Windows Hello PIN and choose Add a PIN to create a new PIN.
Non-Destructive PIN Reset
The methods mentioned here only show how you can enable PIN Recovery. After turning on PIN recovery, reset your PIN from settings to execute a non-destructive reset.
Enable PIN Recovery With Microsoft Intune
Microsoft Intune allows remote configuration of your device. Follow the steps below to enable PIN Recovery with Intune.
Enable PIN Recovery With Local Group Policy Editor
Local Group Policy Editor also allows configuring policies for the Windows Hello for Business feature. Please find below how you can enable the PIN recovery policy with this editor.
Enable PIN Recovery With Registry Editor
It is also possible to enable PIN recovery by changing an entry in your registry. Here’s how you can do so:
Troubleshooting Can’t Change/Reset/Add/Enter PIN
The first thing to do in this situation is to restart your PC. Move on to the solutions if this proves ineffective. Before trying any solutions, make sure to delete the Ngc folder if you haven’t already done so. It will solve this issue in most cases.
Disconnect From Work or School Account
Being connected with a work or school account may enforce some policy disabling you from changing your PIN. Disconnecting the account from Settings>Accounts>Access work or school will likely fix this issue. You may have to sign out from all apps logged in with your school or work account as well.
Startup Repair
Repairing your PC may fix this problem. You can do it from the Windows Recovery Environment. Follow these instructions to perform a startup repair:
System Restore
You may resolve this issue by restoring your system to an existing restore point. Here’s how you can do so. You can perform a system restore from the Windows Recovery Environment if you’re unable to log in to your account. Go to Troubleshoot>Advanced options>System Restore to access this option.
Related Question
How do I know if the PIN Recovery mode is enabled or not?
It is possible to check the status of devices joined with Azure AD using the dsregcmd command. With this command, you can check if a non-destructive reset is possible or not. Enter the command dsregcmd /status in the elevated command prompt. In User State, check for the value of CanReset. If the value is DestructiveAndNonDestructive, your PIN Recovery mode is on.
