Published by


Brink's Avatar
Administrator

Posts: 25,241

Show Printable Version 


How to Change BitLocker Startup PIN in Windows 10

information   Information
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

When you turn on BitLocker for the operating system drive with a compatible TPM, you can choose to unlock the OS drive at startup with a PIN.

Originally, BitLocker allowed from 4 to 20 characters for a PIN. Starting with Windows 10 version 1703, the minimum length for the BitLocker PIN was increased to 6 characters to better align with other Windows features that leverage TPM 2.0. To help organizations with the transition, beginning with Windows 10 version 1709 and Windows 10 version 1703 with the October 2017 Fall Cumulative Update installed, the BitLocker PIN length is 6 characters by default, but it can be reduced to 4 characters. If the minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset.

This tutorial will show you how to change the BitLocker startup PIN in Windows 10.
Note   Note
Before you can change the PIN or password on a BitLocker protected drive, you must unlock the drive.

CONTENTS:
  • Option One: Change BitLocker Startup PIN in This PC
  • Option Two: Change BitLocker Startup PIN in Manage BitLocker Control Panel
  • Option Three: Change BitLocker Startup PIN in Command Prompt





Change BitLocker Startup PIN in Windows 10 OPTION ONE Change BitLocker Startup PIN in Windows 10
Change BitLocker Startup PIN in This PC

1. Open This PC in File Explorer (Win+E), and do step 2 or step 3 below for what you would like to do.

2. Right click or press and hold on the OS drive (ex: "C") encrypted by BitLocker with TPM and PIN, click/tap on Change BitLocker PIN, and go to step 4 below. (see screenshot below)

Name:  Change_BitLocker_PIN_This_PC-1.jpg
Views: 104
Size:  58.8 KB

3. Select the OS drive (ex: "C") encrypted by BitLocker, click/tap on the "Drive Tools" Manage tab, click/tap on the BitLocker button in the ribbon, click/tap on Change password/PIN, and go to step 4 below. (see screenshot below)

Name:  Change_BitLocker_PIN_This_PC-2.jpg
Views: 105
Size:  49.7 KB

4. Type in the Old PIN, type in a New Pin, type the new PIN again to Confirm new PIN, and click/tap on Change PIN. (see screenshot below)

Name:  Change_BitLocker_startup_PIN-1.jpg
Views: 106
Size:  22.9 KB

5. If the PIN has been successfully changed, click/tap on Close. (see screenshot below)

Name:  Change_BitLocker_startup_PIN-2.jpg
Views: 100
Size:  28.7 KB

6. You can now close File Explorer if you like.






Change BitLocker Startup PIN in Windows 10 OPTION TWO Change BitLocker Startup PIN in Windows 10
Change BitLocker Startup PIN in Manage BitLocker Control Panel

1. Open the Control Panel (icons view), and click/tap on the BitLocker Drive Encryption icon.

2. Under Operating system drive, click/tap on the Change PIN link. (see screenshot below)

Name:  Change_BitLocker_PIN_in_Control_Panel.jpg
Views: 108
Size:  53.4 KB

3. Type in the Old PIN, type in a New Pin, type the new PIN again to Confirm new PIN, and click/tap on Change PIN. (see screenshot below)

Name:  Change_BitLocker_startup_PIN-1.jpg
Views: 106
Size:  22.9 KB

4. If the PIN has been successfully changed, click/tap on Close. (see screenshot below)

Name:  Change_BitLocker_startup_PIN-2.jpg
Views: 100
Size:  28.7 KB

5. You can now close the Control Panel if you like.






Change BitLocker Startup PIN in Windows 10 OPTION THREE Change BitLocker Startup PIN in Windows 10
Change BitLocker Startup PIN in Command Prompt

Note   Note
You must be signed in as an administrator to be able to do this option.

1. Open an elevated command prompt.

2. Type the command below into the elevated command prompt, and press Enter. (see screenshot below)

manage-bde -changepin <drive letter>:

Note   Note
Substitute <drive letter> in the command above with the actual drive letter (ex: "C") of the OS drive encrypted by BitLocker with TPM and PIN.

For example: manage-bde -changepin C:

3. Type the new PIN when prompted, and press Enter.

4. Confirm the new PIN by typing it again when prompted, and press Enter.

5. If your PIN has been successfully updated, you can now close the elevated command prompt.

Name:  Change_BitLocker_PIN_in_command_prompt.jpg
Views: 101
Size:  70.0 KB


That's all,
Shawn