Basics

11 reasons why PIN doesn’t work in Windows 10 (and how to fix it)

by Jonathan Dudamel
10 min read

Start here: If your PIN won’t sign you into Windows, the quickest fix is usually to remove and recreate the PIN or repair the underlying service that stores PIN data — this article shows how. The problem—PIN doesn’t work in Windows 10—can be caused by corrupt PIN data, policy restrictions, TPM or Windows Update issues, or account problems; below you’ll find 11 common causes and step-by-step fixes so you can sign in again.

Contents show

Key Takeaway

The fastest reliable fix is to remove the corrupted PIN data and recreate it (via Settings > Accounts > Sign-in options) or fix the device services that store the PIN (take ownership of the NGC folder to reset Windows Hello PIN). If those don’t work, check TPM and Group Policy settings, run system repairs (sfc /scannow, DISM), and test with a new user account.

Quick Fix Guide

Quick Fix Guide

Reason for the Problem Quick Solution
Corrupted Windows Hello PIN data (NGC folder) Delete/reset the NGC folder (take ownership, then recreate PIN).
TPM (Trusted Platform Module) issues Check tpm.msc and clear or reinitialize TPM (backup BitLocker keys first).
Windows Update or a buggy update Uninstall the recent update or run Windows Update > Troubleshooter.
Services required for PIN are stopped Restart Credential Manager, Windows Biometric Service, and Cryptographic Services.
Group Policy or Registry disabling PIN Re-enable PIN in gpedit.msc or Local Security Policy (Windows Hello policies).
Corrupted system files Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth.
Account or Microsoft account sync problems Sign out and back into the Microsoft account or remove and re-add the account.
Incorrect date/time or time zone Fix date/time under Settings > Time & Language and sync the clock.
Domain / Azure AD policies or connectivity issues Connect to network/domain, sign in with password, contact admin or re-join Azure AD.
Corrupted user profile Create a new local or Microsoft user and set up a PIN to test.
Driver or biometric device conflicts Update or uninstall biometric/ fingerprint drivers via Device Manager.

Detailed Fixes for “PIN doesn’t work in Windows 10”

1) Corrupted Windows Hello PIN data (NGC folder)

Why this causes the problem:
Windows Hello stores PIN and secure sign-in keys in the NGC folder under the LocalService profile. If files are corrupted or permissions are wrong, Windows can’t read your PIN data.

See also  9 reasons why Audio enhancements don’t work in Windows 10 (and how to fix it)

Step-by-step solution:

  1. Sign in with your password or a different admin account.
  2. Open an elevated Command Prompt: click Start, type cmd, right-click Command Prompt, choose Run as administrator.
  3. Take ownership of the NGC folder:
    • Run: takeown /f “C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC” /r /d y
    • Then grant admins full control: icacls “C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC” /grant administrators:F /t
  4. Delete the contents of the NGC folder using File Explorer or the command line: rmdir /s /q “C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC”
  5. Reboot.
  6. Recreate your PIN: Settings > Accounts > Sign-in options > Windows Hello PIN > Add.

Notes:

  • You may be required to use your Microsoft account password to set a new PIN.
  • Back up BitLocker recovery keys before making large changes, because resetting the TPM or credentials can affect encrypted drives.

2) TPM (Trusted Platform Module) issues

Why this causes the problem:
Windows stores parts of the PIN and keys in the TPM. If TPM is disabled, cleared unexpectedly, or corrupted, PIN sign-in can fail.

Step-by-step solution:

  1. Check TPM status: press Windows + R, type tpm.msc, press Enter.
  2. If TPM shows errors, try clearing or reinitializing:
    • Open Windows Security > Device security > Security processor > Security processor troubleshooting > Clear TPM.
    • If you use BitLocker, suspend BitLocker first: Control Panel > BitLocker Drive Encryption > Suspend protection.
  3. Reboot and test sign-in.
  4. If TPM is not present or enabled in BIOS/UEFI, enable it in firmware settings and restart.

Warnings:

  • Clearing TPM will remove keys and may render encrypted data unreadable unless you have recovery keys. Back up BitLocker recovery keys first.

3) Windows Update bug or recent update

Why this causes the problem:
A Windows update can introduce a bug or change authentication behavior that breaks PIN sign-in.

Step-by-step solution:

  1. Check Settings > Update & Security > View update history for recent updates.
  2. If a suspected update coincides with the issue, uninstall it: Control Panel > Programs > View installed updates, select the update, click Uninstall.
  3. Run the Windows Update Troubleshooter: Settings > Update & Security > Troubleshoot > Additional troubleshooters > Windows Update.
  4. Reboot and test PIN.
  5. If fixed, pause updates temporarily: Settings > Update & Security > Windows Update > Pause updates.

Tip:

  • Search the update KB number online to see if others report PIN problems and whether Microsoft issued a hotfix.

4) Required services stopped (Credential Manager, Biometric, Cryptographic)

Why this causes the problem:
Windows uses several services to manage credentials and biometric devices; if they aren’t running, PIN authentication may fail.

Step-by-step solution:

  1. Press Windows + R, type services.msc, Enter.
  2. Locate and ensure these services are set to Automatic (Delayed Start) or Automatic and started:
    • Credential Manager
    • Windows Biometric Service
    • Cryptographic Services
  3. To start a stopped service: right-click the service, click Start.
  4. Reboot if you changed startup type and test PIN.

Note:

  • If a service fails to start, check Event Viewer for service-specific errors.

5) Group Policy or Registry blocking PIN

Why this causes the problem:
Enterprise or local group policies can disable PIN sign-in or Windows Hello for Business.

See also  7 reasons why Enter key doesn’t work in Windows 10 (and how to fix it)

Step-by-step solution:

  1. For Windows 10 Pro/Enterprise: press Windows + R, type gpedit.msc, Enter.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business.
  3. Ensure policies like Use Windows Hello for Business are Not Configured or Enabled as appropriate. Also check Turn on convenience PIN sign-in under Computer Configuration > Administrative Templates > System > Logon if present.
  4. For Home editions without gpedit, check the registry: press Windows + R, type regedit, and review HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System for any keys disabling PIN.
  5. After changes, run gpupdate /force in an elevated Command Prompt and reboot.

Tip:

  • On domain-joined PCs, domain policies may reapply at next group policy refresh — contact your IT admin.

6) Corrupted system files

Why this causes the problem:
Missing or corrupted system files can break authentication components.

Step-by-step solution:

  1. Open an elevated Command Prompt (admin).
  2. Run: sfc /scannow and wait for completion.
  3. If SFC finds errors it can’t fix, run: DISM /Online /Cleanup-Image /RestoreHealth.
  4. After DISM finishes, run sfc /scannow again.
  5. Reboot and test PIN.

Notes:

  • These commands repair Windows component store and files and are safe for most users.

7) Microsoft account or account sync problems

Why this causes the problem:
If the Microsoft account (or its credentials) is out of sync, Windows may not accept the PIN which ties to your account state.

Step-by-step solution:

  1. Sign in with your password.
  2. Go to Settings > Accounts > Your info and check account status.
  3. If needed, sign out of the Microsoft account and sign back in: Settings > Accounts > Email & accounts — remove the account and re-add it.
  4. Recreate the PIN: Settings > Accounts > Sign-in options > Windows Hello PIN > Remove then Add.

Tip:

  • If Windows prompts for online verification, connect to the Internet and verify your account via the Microsoft sign-in web flow.

8) Incorrect date/time or region settings

Why this causes the problem:
Authentication and certificate validation can fail if system time is wrong.

Step-by-step solution:

  1. Open Settings > Time & Language > Date & time.
  2. Enable Set time automatically and click Sync now under Synchronize your clock.
  3. Ensure the Time zone is correct.
  4. Reboot and test the PIN.

9) Domain / Azure AD policies or connectivity issues

Why this causes the problem:
On domain-joined or Azure AD-joined machines, PIN sign-in may depend on domain trust, network connectivity, or policy settings.

Step-by-step solution:

  1. Try signing in with your password while connected to the corporate network (or VPN).
  2. If password works, recreate the PIN: Settings > Accounts > Sign-in options > Windows Hello PIN > Remove > Add.
  3. If policies block PIN, contact your IT admin or re-join Azure AD: Settings > Accounts > Access work or school > Disconnect then re-join if needed.

Note:

  • Some organizations enforce Windows Hello for Business; follow corporate procedures.

10) Corrupted user profile

Why this causes the problem:
If the user profile is damaged, the account-specific PIN settings may not function.

Step-by-step solution:

  1. Create a new local administrator account: Settings > Accounts > Family & other users > Add someone else to this PC > I don’t have this person’s sign-in info > Add a user without a Microsoft account and give it admin rights.
  2. Sign into the new account and set a new PIN: Settings > Accounts > Sign-in options > Windows Hello PIN > Add.
  3. If the PIN works in the new account, consider migrating data or repairing the old profile.
See also  10 reasons why Groove Music doesn’t work in Windows 10 (and how to fix it)

Tip:

  • Back up user data before recreating profiles.

11) Driver or biometric device conflicts

Why this causes the problem:
Outdated or conflicting biometric drivers (fingerprint readers) can interfere with Windows Hello PIN sign-in.

Step-by-step solution:

  1. Open Device Manager: right-click Start, choose Device Manager.
  2. Under Biometric devices or Human Interface Devices, locate your biometric/fingerprint device.
  3. Right-click and choose Update driver; if update fails, choose Uninstall device then reboot to let Windows reinstall the driver.
  4. After reinstalling, test sign-in and recreate PIN if necessary.

Note:

  • If you removed a biometric device, you can still use a PIN or password for signing in.

Preventive measures and when to contact support

  • Regularly back up important recovery keys (BitLocker) and enable System Restore points before major updates.
  • Keep Windows up to date but wait a few days on critical updates in managed environments.
  • Use a local admin account to keep at least one working method to sign in.
  • If multiple users on a managed device experience PIN failures, contact IT support — this is likely a policy or update issue.

When to contact Microsoft or IT:

  • If TPM errors persist after reinitialization.
  • If group policies prevent changes and you lack administrative control.
  • If reinstallation of Windows Hello components and system repairs fail.

FAQ

Can I log in without a PIN when my PIN stops working?

Yes — use your account password on the sign-in screen (choose “Sign-in options” and pick the password) or use another admin account. If you can’t access any account, use recovery options such as Safe Mode or Windows recovery.

Is my PIN stored on Microsoft servers or is it recoverable?

No — the PIN is local and securely tied to the device (and TPM). It’s not recoverable by Microsoft; you must reset or recreate the PIN if it’s corrupted.

Will clearing TPM delete my files or BitLocker-protected data?

Clearing TPM can make BitLocker-encrypted drives inaccessible unless you have the recovery key; always back up BitLocker recovery keys before clearing TPM.

How can I check logs for PIN/Windows Hello errors?

Open Event Viewer: Applications and Services Logs > Microsoft > Windows > HelloForBusiness and check Operational for errors. Also review System logs for service or TPM errors.

Are there alternative sign-in methods I can enable to prevent lockouts?

Yes — enable multiple sign-in methods like password, fingerprint, or a PIN for another admin account. Also enable Dynamic lock only after testing other sign-in methods.

Conclusion

Most PIN sign-in failures are caused by corrupted Windows Hello data, TPM issues, service failures, or policy constraints and can be resolved by resetting the NGC data, checking TPM and services, or reapplying policies. If you follow these steps and recreate your PIN, you’ll normally restore sign-in functionality; remember that the core issue is that PIN doesn’t work in Windows 10, and the fixes above address the most common root causes.

About the author

Jonathan Dudamel

Jonathan Dudamel

I'm Jonathan Dudamel, an experienced IT specialist and network engineer passionate about all things Windows. I have deep expertise in Microsoft project management, virtualization (VMware ESXi and Hyper-V), and Microsoft’s hybrid platform. I'm also skilled with Microsoft O365, Azure ADDS, and Windows Server environments from 2003 through 2022.

My strengths include Microsoft network infrastructure, VMware platforms, CMMS, ERP systems, and server administration (2016/2022).

View all posts

You may also like