
How to recover a forgotten Kite PIN

From WebNotes, a public knowledge base. Reading time ~8 min. Level: Beginner.

The Kite PIN is the 6-digit second factor you enter after your password, and you reset a forgotten one through the Forgot user ID or password flow on kite.zerodha.com. There is no separate Forgot PIN button, because the PIN is part of your login credentials, not a standalone code. Resetting it routes through the same screen that resets the password: user ID, PAN, an OTP on email or SMS, then a new password and a new PIN set together. This guide walks that reset, explains how the PIN relates to the full login, and covers the switch to a TOTP authenticator if you would rather not memorise a PIN at all.

The distinction that confuses people is between the password and the PIN. The password is the first factor. The 6-digit PIN is the second factor, the one that satisfies the SEBI two-factor authentication rule. You enter the password, then the PIN, on every Kite login. Forgetting the PIN does not mean your password is wrong; it means you cannot clear the second step. The reset below fixes the PIN, and resets the password in the same pass.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Step-by-step procedure

The numbered steps below give the sequence. The sections after them expand on the single point that trips people up, that there is no separate Forgot PIN link, and on the option to move to TOTP.

1. Open the login screen and tap Forgot user ID or password

Go to kite.zerodha.com on web, or open the Kite app and reach the login screen. Tap Forgot user ID or password. This is the only entry point; Kite does not show a Forgot PIN link, because the PIN is the second factor of your login and is reset alongside the password. If you went looking for a PIN-only reset and could not find one, this is why. The same flow handles both the password and the PIN.

2. Enter user ID and PAN, then verify by OTP

Enter your 12-character user ID and your PAN. Choose the OTP channel, Receive on E-mail or SMS, enter the captcha, and click Reset for the email path or Continue for the SMS path. Enter the one-time password that arrives on your registered email or mobile and click Continue. If your mobile number is on the DND registry or the phone is lost, the SMS may not arrive; use the email channel instead. For the lost-phone case in full, see how to log in when the mobile is lost.

3. Set a new password and a new PIN

Enter a new password and a new 6-digit PIN, then click Save. The PIN you choose here becomes your second factor going forward. Pick a PIN that is not an obvious sequence or a repeat of a banking PIN, since it is one of the two strings guarding your funds and demat holdings. Log in with the user ID, new password, and new PIN within the five-minute second-factor window to confirm the reset worked.
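The PIN advice in step 3 can be turned into a check you run on a candidate before saving it. This is an added example, not Zerodha's or WebNotes' code: the function name `weak_pin_reasons` is hypothetical, and the single-digit and repeated-block checks go beyond the two cases the guide names (obvious sequences and reuse of a banking PIN).

```python
def weak_pin_reasons(pin: str, other_pins: tuple = ()) -> list:
    """Return the reasons a 6-digit PIN is a poor choice; an empty list means none found."""
    if not (pin.isascii() and pin.isdigit() and len(pin) == 6):
        return ["not exactly 6 digits"]

    reasons = []
    digits = [int(c) for c in pin]

    # Difference between neighbouring digits, modulo 10, so 890123 counts as a sequence.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps == {0}:
        reasons.append("single repeated digit")          # 000000, 777777
    elif steps == {1} or steps == {9}:
        reasons.append("ascending or descending sequence")  # 123456, 654321

    # A short block repeated to fill the PIN, e.g. 121212 or 123123.
    if len(set(digits)) > 1 and any(pin == pin[:n] * (6 // n) for n in (2, 3)):
        reasons.append("repeated block")

    # Reuse of another PIN, including a 4-digit banking PIN padded out to 6 digits.
    for other in other_pins:
        if other and (other in pin or pin in other):
            reasons.append("reuses another PIN")
            break

    return reasons


if __name__ == "__main__":
    # Constructed sample values; "4829" stands in for an existing banking PIN.
    for candidate in ("123456", "890123", "121212", "482915", "730418"):
        print(candidate, weak_pin_reasons(candidate, other_pins=("4829",)))
```

Run the check locally only; a PIN you intend to use should never be typed into a website or shared script.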

The PIN as the second factor

Two-factor authentication means two independent checks. At Zerodha the first is the password, something you know and type; the second is the 6-digit PIN, a separate something you know, or a TOTP code from an app, something you have. The PIN exists because SEBI requires a second factor on online trading-account access, enforced across the industry since 2022. This is also why device lock is mandatory on the Kite app: the app pairs the PIN or TOTP with a hardware-bound lock to meet the rule. Read the Kite app code explainer for how the second factor is generated and entered, and why a risk disclosure shows on every login for the regulatory backdrop.

Because the PIN and password are separate factors of the same credential set, they are reset together but used in sequence. You cannot reset the PIN without also setting a password in the flow; the screen presents both fields. This is by design: the reset re-establishes your full login, not a fragment of it.

Switching from a PIN to TOTP

If you would rather not remember a 6-digit PIN, switch the second factor to a TOTP authenticator. On the Password and Security page in your profile, you can move from a manually set PIN to an external authenticator app, or back the other way. With TOTP, the second factor becomes a rotating 6-digit code read from Google Authenticator or Authy rather than a static PIN you memorise. The trade-off favours TOTP if you sometimes lose access to your phone, because a backed-up authenticator like Authy restores the token on a new device, whereas a forgotten PIN forces a full reset. Read how to set up TOTP on Zerodha for the switch, TOTP versus SMS OTP for the comparison, and how to disable TOTP if you ever want to return to a PIN.

When the reset itself fails

The common failure is the "Invalid account credentials, N attempts remain" error, which means a field in the reset form does not match the records: a mistyped user ID or PAN, or an email or mobile that is not the one on file. Correct the mismatch. If repeated wrong password attempts have already blocked the account, the block is cleared only by completing this password-and-PIN reset, as covered in how to unblock a Kite account. If you have lost access to both the registered email and mobile, you cannot self-serve the reset and must update your contact details first; see how to recover lost email and mobile. For any reset you did not initiate, the email and SMS confirmation Zerodha sends is a security signal worth acting on.

References

  1. Zerodha support, How do I reset my 2FA PIN? (PIN reset via Forgot user ID or password, as of 20 June 2026).
  2. Zerodha support, How do I reset my password on the Kite app? (as of 20 June 2026).
  3. SEBI circular SEBI/HO/MIRSD/DOP/P/CIR/2022/76, dated 3 June 2022, on two-factor authentication for online trading account access.

WebNotes Editorial Team prepares factual how-to guides based on publicly available regulatory documents and broker disclosures. WebNotes is not affiliated with Zerodha Broking Limited. Procedures and screens are subject to change; verify the current flow at support.zerodha.com before acting.

Frequently asked questions

How do I reset my forgotten Kite PIN?
Tap Forgot user ID or password on the Kite login screen, enter your user ID and PAN, receive an OTP on email or SMS, then set a new password and a new 6-digit PIN. There is no separate Forgot PIN button; the PIN resets through the credentials flow.
Is the Kite PIN the same as my password?
No. The password is the first factor and the 6-digit PIN is the second factor, entered after the password. They are reset together through the same Forgot user ID or password flow, but they are two distinct credentials.
Why is there no separate Forgot PIN option?
The PIN is the second authentication factor of your login, so Zerodha resets it as part of resetting the login credentials. The Forgot user ID or password flow sets a new password and a new PIN in one pass.
Can I reset the PIN without my registered mobile?
Yes. On the OTP channel choice, select Receive on E-mail to get the one-time password by email instead of SMS. This is the route to use if your mobile is on DND or lost.
Can I use a TOTP app instead of a 6-digit PIN?
Yes. You can switch from a manually set PIN to a TOTP authenticator, or back, on the Password and Security page in your profile. TOTP is the more resilient second factor if you sometimes lose access to your phone.
I get Invalid account credentials, attempts remain. What is wrong?
That error means a detail in the reset form is wrong. Recheck your user ID, PAN, and whether the registered email or mobile you entered matches the one on file. Correct the mismatch and try again.
Does Zerodha alert me when the PIN is reset?
Yes. Because the PIN resets through the credentials flow, Zerodha sends a confirmation by email and SMS. If you did not initiate the reset, treat the alert as a possible unauthorised access attempt and contact support.

Reviewed and published by

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Conflicts of interest
WebNotes is independent. No relationship with any broker, registrar or bank named in this article.