Change password policy settings

Open Local Security Policy by clicking the Start button, typing secpol.msc into the Search box, and then clicking secpol. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

In the Navigation pane, double-click Account Policies, and then click Password Policy.

Double-click the item in the Policy list that you want to change.

This table lists the password policy settings that are available, explains how each setting works, and provides a recommendation for each setting.

Policy: Password must meet complexity requirements
What it does: Requires that passwords:
- Be at least six characters long.
- Contain a combination of at least three of the following characters: uppercase letters, lowercase letters, numbers, symbols (punctuation marks).
- Do not contain the user's user name or screen name.
What we recommend: Enable this setting. These complexity requirements can help create a strong password.

Policy: Enforce password history
What it does: Prevents users from creating a new password that is the same as their current password or a recently used password. To specify how many passwords are remembered, provide a value. For example, a value of 1 means that only the last password will be remembered, and a value of 5 means that the previous five passwords will be remembered.
What we recommend: Use a number that is greater than 1.

Policy: Maximum password age
What it does: Sets the maximum number of days that a password is valid. After this number of days, the user will have to change the password.
What we recommend: Set a maximum password age of 70 days. Setting the number of days too high provides hackers with an extended window of opportunity to crack the password. Setting the number of days too low might be frustrating for users who have to change their passwords too frequently.

Policy: Minimum password age
What it does: Sets the minimum number of days that must pass before a password can be changed.
What we recommend: Set the minimum password age to at least 1 day. By doing so, you require that the user can only change their password once a day. This will help to enforce other settings. For example, if the past five passwords are remembered, this will ensure that at least five days must pass before the user can re-use their original password. If the minimum password age is set to 0, the user can change their password six times on the same day and begin re-using their original password on the same day.

Policy: Minimum password length
What it does: Specifies the fewest number of characters a password can have.
What we recommend: Set the length between 8 and 12 characters (provided that they also meet complexity requirements). A longer password is more difficult to crack than a shorter password, assuming the password is not a word or common phrase. If you are not concerned about someone in your office or home using your computer, however, using no password gives you better protection against a hacker trying to break into your computer from the Internet or another network than an easily guessed password would. If you use no password, Windows automatically prevents anyone from logging on to your computer from the Internet or another network.
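
The following Python script is an added example, not part of the original page: it checks the [System Access] section of a policy file exported with secedit against the recommendations in the table above, and works out how many days the history and minimum-age settings together delay reuse of the original password. The sample export is constructed, and treating a maximum age of 0 or below as "never expires" is an assumption.

```python
import configparser

# Constructed sample of the [System Access] section written by
# `secedit /export /cfg policy.inf /areas SECURITYPOLICY`.
# Real exports are usually UTF-16 encoded; decode before passing the text in.
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 90
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 5
"""

# Thresholds taken from the recommendations in the table above.
CHECKS = {
    "PasswordComplexity": ("enabled", lambda v: v == 1),
    "PasswordHistorySize": ("greater than 1", lambda v: v > 1),
    # Assumption: a value of 0 or below means passwords never expire.
    "MaximumPasswordAge": ("70 days or fewer", lambda v: 1 <= v <= 70),
    "MinimumPasswordAge": ("at least 1 day", lambda v: v >= 1),
    # The page suggests 8 to 12; only the lower bound is treated as a failure.
    "MinimumPasswordLength": ("at least 8 characters", lambda v: v >= 8),
}

def audit(inf_text):
    """Return (findings, reuse_delay_days) for an exported policy."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    parser.optionxform = str  # keep the key case used by secedit
    parser.read_string(inf_text)
    section = parser["System Access"] if parser.has_section("System Access") else {}
    findings, values = [], {}
    for key, (want, ok) in CHECKS.items():
        try:
            values[key] = int(section[key])
        except (KeyError, TypeError, ValueError):
            findings.append(f"{key}: missing or unreadable, recommended {want}")
            continue
        if not ok(values[key]):
            findings.append(f"{key} = {values[key]}, recommended {want}")
    # History only slows reuse when a minimum age applies: with a minimum
    # age of 0 the whole history can be cycled through on the same day.
    delay = values.get("PasswordHistorySize", 0) * values.get("MinimumPasswordAge", 0)
    return findings, delay

if __name__ == "__main__":
    problems, delay = audit(SAMPLE_INF)
    print("\n".join(problems) or "All settings match the recommendations")
    print(f"Days before the original password can be reused: {delay}")
```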


