Site icon Winhelponline

Default Sign-in Option Changes to Password from PIN Automatically in Windows 10

When you sign-in to your user account or unlock the workstation, the last used sign-in method (PIN, Password or Windows Hello) is saved to the registry, and the same will be used the next time. However, you may notice that the default sign-in option reverts to password at every restart, even though you used PIN sign-in the last time to unlock the computer.

You can click the “Sign-in options” link below the password field and select PIN option — but it requires two mouse clicks every time.

::UPDATE:: This issue seems to have been fixed in Windows 10 v1903. The PIN sign-in choice is preserved even with automatic login enabled.

Why does the default sign-in option change from PIN to Password?

One reason why this problem happens is, you’ve configured automatic login to your Microsoft account using username and password, with control userpasswords2 (netplwiz.exe) method or using any other tool.

With automatic login enabled, when Windows starts, it logs in to your account automatically and immediately updates the last used sign-in method or the authentication mechanism, in the registry. This applies for every successful authentication — whether it’s a workstation unlock, or fresh login either locally or through remote desktop.

The last sign-in mechanism is stored in the following key, in the value name that matches your user account SID:


The SID value data contains the last used credential provider GUID. And manipulating the above key would be asking for trouble, as it might prove disastrous.

I used a REG file to update the last credential provider using Task Scheduler at every login and it did work well for some time. After a couple of reboots, Windows 10 stalled at “Preparing Windows” screen and logged me into a temporary profile. Fortunately, it was a test system and I had created a System Restore point beforehand.


To set PIN as the default sign-in method always, disabling automatic login is probably the only option right now. To do so, start netplwiz.exe. Enable the checkbox “Users must enter a user name and password to use this computer”, and click OK. This clears the saved auto-logon credentials.

Some users will say that would be the poorest trade-off, though. What users want is to automatically login to their account at startup, but set PIN as the default sign-in option when unlocking the device while logged on. Unfortunately, there is no safe way to do that, yet.

What are Credential Providers?

You don’t have to read this section — it just provides a brief intro on credential providers.

Credential providers are responsible for user authentication not just for Windows login, but also for authentication into apps, websites, etc.

Depending upon the login method you use — Password, PIN, biometric devices (Windows Hello – Fingerprint, Face, and Iris recognition), the respective credential provider takes charge and does user authentication to verify your identity.

Each credential provider is represented by a globally unique identifier (GUID). The GUID {D6886603-9D2F-4EB2-B667-1971041FA96B} is the credentials provider for PIN-based sign-in. When you use a password to login to your Microsoft Account (not local account), the GUID used is {F8A0B131-5F68-486C-8040-7E8FC3C85BB6}

This page at Sophos lists most, if not all, of the system credentials providers in Windows 10. And, check out the Microsoft developer documentation about Credential Providers in Windows 10.

Exit mobile version