This is an ongoing issue, and the situation is getting worse, not better. I've worked US DOD national-security-level security with counter-intel training.
First and foremost, and to be absolutely, incredibly, perfectly clear -
Microsoft and its employees are NOT within my circle of trust. The same is true for all software vendors.
That said, we have no choice but to allow them within our walls, but we must retain our rights to control our own security - especially setting our passwords and where they are stored.
A 4-digit PIN is 1e4 possible values - 10,000.
My system login password, which IS DIFFERENT from my Microsoft password, is 22 characters with 64 possible values per character; that's 64^22 (5.44e39) possible values. It is stored in two places - my head and my password keeper. My Microsoft account has a different, equally difficult password, also stored in the password keeper. The password to the password keeper is yet another cryptic mangle, equally hard to break.
If the advertising of my password keeper's authors is correct, those passwords are encrypted on their server, and they are NOT Microsoft. Cracking the password keeper is a single point of vulnerability. In security, redundancy LOWERS security because penetrating one penetrates all, and a single point is best.
And, since no one else knows how many digits my password REALLY has (and I lied about the 22), someone would have to test all possible lengths from 8 to 128, which makes that 6.5e41.
The Enigma machine was only 1.5e20.
While a 4-digit PIN is better than using a password like "password" or "cutedoggy" - and that may be what the average MS home user would use otherwise - for those of us who need REAL security, or work for companies which REQUIRE real security, a 4-digit PIN is A JOKE!!!
The default should be a real password, and the 4-digit PIN should be THE OPTION for users who don't need so much security, and under no circumstances should MS be trying to persuade those of us who seem to know a lot more than they do that a 1 in 10,000 chance is safer than a 1 in 65,000,000,000,000,000,000,000,000,000,000,000,000,000 chance.
We take it on FAITH that the software we use, which reads our raw credentials, did not pass them on to the vendor using vendor encryption - a man-in-the-middle attack. And having worked for multibillion-dollar-revenue software vendors, I will testify before Congress that NONE of the people writing this stuff was bonded or passed security investigations, and neither have the people inspecting their work - if it's inspected at all.
The real hypocrisy is bragging about 64- or 128-bit encryption making us safer while leveraging us into using such unsafe keys. It doesn't matter how good the lock on your front door is if you hang the key on the outside wall.
For those of you who think my paranoia level is too high because of the work I do - someone hacked my old 12-digit password on my email server and erased one critical document. My memory is unclear, but I was pretty sure I kept a copy on my machine. Both vanished. The document was written around 2022 and could not be located in 2024. When I spotted that, that's when I required all of my staff and myself to start using the maximum-length, unbreakable passwords the system allows.
And now that requirement is costing us about 2-4 hours of labor undoing this BS MS has forced upon us. Or we could just broadcast everything we're doing everywhere and save the effort. FYI, our work focuses on reversing climate change and putting the fossil fuel industry out of business before the mass extinction. I doubt I'll even live that long, but you probably will. This isn't for me; it's for all of you reading this and your children.
Because of the nature of the document, I'm guessing that was someone in US or UK Gov Security. That's because they were the recipient of the document. That was being hacked by an ALLY who removed proof of their own security flaws so other ALLIES didn't know how stupid they were.
I demand the right to remove all this faux security, and all AI, which was developed with equally shoddy safeguards, from my system entirely.
I demand the right to make this OPT-IN and not OPT-OUT.
It's not that I don't trust it; I DO NOT TRUST ITS AUTHORS. Microsoft, Apple, Google, Amazon et al. ARE NOT within my circle of trust. Please don't take offense; on some stuff my own friends and family aren't either.
Don't try to persuade the uneducated that this is for their own good so you can entrap them in your software ecosystem by lying to them that "this is more secure." Yeah, it's more secure than no password at all, but that is not the same thing.
Bob Tipton
Cofounder Hughes Skunk Works.