How to manage kiosk PINs
For: Manager (for resets); Shift worker (for self-change)
You’ll need: The employee whose PIN you want to manage.
Each employee has a personal 4-digit PIN stored on their Shiftavo membership. It’s used only at the kiosk — not for the regular login. Three ways a PIN gets set or changed:
Auto-assigned on invite
When you create a new Person (under Company → People), Shiftavo generates a fresh 4-digit PIN for them automatically. The plaintext PIN is shown once on the person-create success page.
Warning
Hand the PIN over in person, on paper, or via a secure channel. Shiftavo cannot show it again — the next time you (or anyone) needs it, it has to be reset.
Self-change by the employee
The employee changes their own PIN under Account → Settings → Change kiosk PIN (or the /kiosk/pin/change/ URL):
- ‘Current PIN’ — what they have now. Leave blank if they’ve never had one.
- ‘New PIN’ — four digits.
- ‘Confirm new PIN’ — the same four digits.
If they get the current PIN wrong too many times, the form is rate-limited for 15 minutes.
Manager reset
When an employee forgets or loses their PIN, a manager resets it.
1. In the left sidebar, go to Company → People.
2. Open the person.
3. Click ‘Reset kiosk PIN’.
The new plaintext PIN is shown once. Hand it over the same way as the initial PIN.
Note
Resetting overwrites the old PIN — there is no “see the existing PIN” option. PINs are stored as one-way hashes; even the database can’t show the plaintext.
Why 4 digits?
A trade-off. Longer PINs are slow to type on a busy floor; shorter PINs are too easy to guess. Four digits with rate-limiting (5 wrong tries / 15 min) gives an attacker effectively no chance to brute-force, while still being fast for the worker. If you need stronger guarantees for a specific role, don’t give that person a kiosk PIN — they can clock in via the normal timesheet UI from a personal device.
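The sketch below is an added example, not Shiftavo's code. It shows a per-employee PIN check with the 5-wrong-tries / 15-minute limit, plus the upper bound on online guesses that limit admits over time, which is the number to look at when deciding whether a role needs stronger guarantees. Assumptions: the class and function names are hypothetical, PBKDF2 stands in for the unspecified one-way hash, and the limit is modelled as a sliding window keyed per employee.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5           # from the page: 5 wrong tries
WINDOW_SECONDS = 15 * 60   # from the page: 15 minutes
PIN_SPACE = 10_000         # every 4-digit PIN, 0000-9999

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the page only says PINs are hashed one-way.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class PinGate:
    """Hypothetical per-employee PIN store with a failure window."""

    def __init__(self):
        self._records = {}    # employee_id -> (salt, digest); plaintext is never kept
        self._failures = {}   # employee_id -> timestamps of recent wrong tries

    def set_pin(self, employee_id: str, pin: str) -> None:
        if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be exactly four digits")
        salt = os.urandom(16)
        self._records[employee_id] = (salt, hash_pin(pin, salt))
        self._failures.pop(employee_id, None)   # a reset clears the lockout

    def check(self, employee_id: str, pin: str, now: float) -> str:
        """Return 'ok', 'wrong' or 'locked'; `now` is a timestamp in seconds."""
        recent = [t for t in self._failures.get(employee_id, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[employee_id] = recent
        if len(recent) >= MAX_FAILURES:
            return "locked"   # refused before hashing: a locked try tests nothing
        salt, digest = self._records[employee_id]
        if hmac.compare_digest(hash_pin(pin, salt), digest):
            self._failures[employee_id] = []
            return "ok"
        recent.append(now)
        return "wrong"

def guesses_allowed(seconds: int) -> int:
    """Upper bound on distinct PINs one account lets a guesser test in `seconds`."""
    windows = seconds // WINDOW_SECONDS + 1
    return min(PIN_SPACE, windows * MAX_FAILURES)

def guess_probability(seconds: int) -> float:
    """Chance that a uniformly random PIN falls within those guesses."""
    return guesses_allowed(seconds) / PIN_SPACE
```

The bound covers a single account; a limit keyed on anything an attacker can vary, such as the kiosk or the session, would admit more guesses than this.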