Specify Minimum Length for BitLocker Startup PIN in Windows 10

Originally, BitLocker allowed a PIN of 4 to 20 characters. The minimum length of the BitLocker PIN has since been increased to 6 characters to better align with other Windows features that use TPM 2.0. To help organizations make the transition, starting with Windows 10 version 1709 the minimum BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows resets the TPM lockout period back to the default only if the TPM is reset.

Increasing the BitLocker startup PIN length requires a greater number of guesses from an attacker. In that case, the lockout duration between each guess can be shortened to allow legitimate users to retry a failed attempt sooner, while maintaining a similar level of protection.

Specify the minimum length for the BitLocker startup PIN

Open the Local Group Policy Editor and, in its left pane, navigate to the following location:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

In the right pane of Operating System Drives, double-click the Configure minimum PIN length for startup policy to edit it.

This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you enable BitLocker. The startup PIN must be at least 4 digits long and no longer than 20 digits.

If you enable this policy setting, you can require a minimum number of digits to be used when setting the startup PIN.

If you disable or do not configure this policy setting, users can configure a startup PIN of between 6 and 20 digits in length.

If the minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period so that it is greater than the default when a PIN is changed. If successful, Windows resets the TPM lockout period back to the default only if the TPM is reset.

Now, do the following.

To use the default minimum length for the BitLocker startup PIN

Select the radio button for Not Configured or Disabled, then click OK.

To specify the minimum length of the BitLocker startup PIN

Select the radio button for Enabled, enter a number between 4 and 20 in the Minimum characters field, and click OK.

You can now exit the Group Policy Editor and restart your system.

That is how to configure the minimum length for the BitLocker startup PIN in Windows 10.
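To confirm what the policy resolves to on a machine after the change, the following PowerShell audit is an added example and not part of the original article. It assumes the policy is stored as the DWORD value MinimumPIN under HKLM:\SOFTWARE\Policies\Microsoft\FVE (a location the article does not state), and the function names are hypothetical.

```powershell
# Added example: report the effective minimum BitLocker startup PIN length.
# Assumption (not in the article): the Group Policy setting is written as the
# DWORD value MinimumPIN under HKLM:\SOFTWARE\Policies\Microsoft\FVE.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$PolicyValue = 'MinimumPIN'
$DefaultMin  = 6    # used when the policy is disabled or not configured
$AllowedMin  = 4    # lowest value the policy accepts
$AllowedMax  = 20   # highest value the policy accepts

function Get-ConfiguredMinimumPin {
    # Returns the configured value, or $null when the policy value is absent.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$PolicyValue
}

function Test-MinimumPinPolicy {
    param([Nullable[int]]$Configured)

    if ($null -eq $Configured) {
        $state = 'NotConfigured'; $effective = $DefaultMin
    } elseif ($Configured -lt $AllowedMin -or $Configured -gt $AllowedMax) {
        # A value outside 4-20 cannot come from the policy dialog; flag it.
        $state = 'OutOfRange'; $effective = $null
    } else {
        $state = 'Enabled'; $effective = $Configured
    }

    [pscustomobject]@{
        State            = $state
        ConfiguredValue  = $Configured
        EffectiveMinimum = $effective
        # True when PINs shorter than the 6-digit default are permitted, the
        # case in which Windows tries to lengthen the TPM 2.0 lockout period.
        BelowDefault     = ($null -ne $effective -and $effective -lt $DefaultMin)
    }
}

# Result for this machine.
Test-MinimumPinPolicy -Configured (Get-ConfiguredMinimumPin)

# Constructed sample values showing each outcome without touching the registry.
foreach ($sample in $null, 4, 6, 8, 3) {
    Test-MinimumPinPolicy -Configured $sample
}
```

Run it from an elevated PowerShell session after the policy has refreshed; a result with BelowDefault set to True identifies machines that accept 4- or 5-digit PINs.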
