Validity of CDSL T-PIN
The CDSL T-PIN does not have a hard expiry. Once issued by CDSL, it remains valid indefinitely until:
- You regenerate it (which invalidates the previous T-PIN).
- CDSL resets it (rare; typically only for security incidents).
- Your demat account is closed.
This article clarifies the lifecycle, the recommended refresh cadence, and the edge cases.
No automatic expiry
CDSL T-PIN is a permanent credential by default. Unlike OTPs (which expire in minutes) or session passwords (which expire in months), T-PIN is intended to persist for the lifetime of the demat account.
This is a usability decision: forcing periodic T-PIN changes would create excessive friction without a clear security benefit (T-PIN is dual-factor with OTP, so theft alone is insufficient).
Recommended refresh
Despite no hard expiry, refreshing T-PIN periodically is good practice:
| Trigger | Action |
|---|---|
| Annually (security hygiene) | Regenerate |
| Mobile changed | Update registered mobile, then regenerate |
| Suspect compromise | Regenerate immediately |
| After major account changes | Regenerate |
| Long-dormant account being reactivated | Regenerate |
For most retail clients, annual regeneration is sufficient.
What invalidates a T-PIN
| Event | T-PIN status |
|---|---|
| Time passing alone | Still valid |
| Account inactivity | Still valid (does not auto-expire) |
| New T-PIN generation | Previous T-PIN invalidated |
| Demat account closure | T-PIN invalidated |
| Major fraud incident affecting your account | CDSL may invalidate; new T-PIN issued |
Differences from other PINs
| Credential | Expiry |
|---|---|
| CDSL T-PIN | None automatic |
| Kite TOTP | Time-based (rotates) |
| Console login password | 90-180 day refresh recommended |
| OTP for transactions | Minutes |
| ATM PIN | Bank-policy (varies) |
T-PIN is the most persistent of these; most other security credentials have shorter lifecycles.
Replacement by block mechanism context
Since the CDSL block mechanism rollout in October 2024, T-PIN is required less often for routine sells. Most Zerodha clients’ T-PIN sits unused for months between rare authorisation events (pledge / un-pledge, inter-depository transfer, specific cases).
This means even an old T-PIN typically remains valid for the rare time you need it. But it also means you may forget it; consider keeping the T-PIN noted securely.
Documentation
CDSL doesn’t publish a formal “T-PIN validity period” because there isn’t one. Operational documentation references:
- “T-PIN issued at account opening, used as needed”.
- “Regenerate when forgotten or compromised”.
There’s no policy document declaring T-PIN expiry.
Compared to NSDL SPEED-e
NSDL has a parallel framework called SPEED-e. NSDL’s authorisation credential has similar (no automatic expiry) properties. Both depositories operate similarly on this dimension.
Best practice for retail clients
- Note the T-PIN securely when first received.
- Don’t share with anyone, ever.
- Refresh annually as a hygiene measure.
- Refresh after suspected compromise.
- Update mobile / email at CDSL when they change.
See also
- Zerodha eDIS T-PIN OTP
- CDSL TPIN regime (eDIS)
- How to recover a forgotten CDSL T-PIN on Zerodha
- How to regenerate CDSL T-PIN
- Generate CDSL TPIN on Zerodha
- TPIN preauthorisation on Zerodha
- CDSL block mechanism for pay-in
- Direct payout to demat SEBI rule
- Zerodha DIS slip
- Zerodha client ID lookup
- Zerodha customer care number
- Is Zerodha safe
- Kite Holdings tab explained
- Margin pledge (Zerodha)
- P symbol on holdings page
- Delivery instruction slip CDSL
- DDPI (India)
- Demat account
- CDSL
- NSDL
- SCORES (SEBI grievance portal)
- Settlement cycle changes 2025-26
- T+1 settlement in Indian equity
- Kite (Zerodha)
- Zerodha
- Zerodha Console
- SEBI
External references
References
- CDSL, T-PIN issuance and management, cdslindia.com.
- Zerodha Support, T-PIN validity and regeneration, support.zerodha.com.
- SEBI, Demat account framework, sebi.gov.in.