How to configure Windows password policy

Windows has a password policy that we can enable quickly and easily. This feature improves security and helps protect our equipment. We can configure it through the Local Group Policy Editor, and in this article we explain step by step how to do it in Windows 10.

Why use password policy

First of all, we are going to explain why it is worth using this feature and configuring the Windows password policy. We must start from the basis that passwords are the main security barrier we can use to keep intruders out of our accounts and devices.

When we install Windows on our computer we can create any password. This password gives us access to the user account. But by default we can enter anything that comes to mind. If, for example, we set the password 123456, the system would accept it as valid. However, it is nowhere near an adequate security barrier.

To avoid problems when creating passwords, the Microsoft operating system has the password policy: a feature that we can enable and configure to act like a “traffic light” that tells us whether the password we are creating is acceptable or not. If we enter a weak and insecure password, like the 123456 example, it will not let us.

Therefore, if we ask ourselves what the Windows password policy is for and why we should use it, the answer is clear: security. If we want to keep intruders out and minimize the probability that the password will be found out, it is a good idea.

How to access the password policy

First of all, we have to open the Local Group Policy Editor. To do this, just press the Windows + R key combination and run gpedit.msc. We can also right-click on the Start button and click on Run.

Once inside, we must go to Computer Configuration, Windows Settings, Security Settings and Account Policies. When we open this folder, others will appear. The one that interests us is Password Policy.

A list will appear with all the available settings. These are the elements that we can enable and configure within the Windows password policy, and they are the main part of all this.

Enable requirements and settings

Now that we have explained how to access the Windows password policy, we are going to talk about each of its features. All of them help make the password that we create as secure as possible, so that it meets all the requirements needed to keep possible intruders away.

Of course, we must bear in mind that none of the requirements we are going to see, whether we enable them or not, are applied to passwords that we have already created. Therefore, if we want to improve security, it is advisable to change the password once we have configured the policy correctly.

Password must meet complexity requirements

First of all, we must activate the setting “Password must meet complexity requirements.” By default it is disabled. It is what makes any new password that we create, or any existing password that we change, meet requirements such as the length or the use of uppercase and lowercase letters, numbers and other characters.

These last parameters are what really give complexity to a password. We should not create one that only has letters, or even only letters and numbers; ideally, it should also have an additional symbol, such as “%”, “&”, “$” …

If we click on the setting, open Properties and then go to the Explain tab, we will see the information related to this feature.

Enforce password history

This is useful to ensure that we create unique passwords and do not repeat them. Let’s say that a while ago we used a password and it was leaked for some reason. We created a different one, but when we changed it again we went back to the one that was leaked a long time ago.

By enforcing password history, Windows will not let us set a password that we have already used previously. By default it does not remember any passwords, but we can enter a number for it to do so. For example, with “20” it remembers the last 20 passwords that we have used.

Minimum password length

Another very important factor is the length of the password. Simply by adding a letter, a number or an additional symbol to a password, we make it much more secure. Therefore, the number we set here is going to be essential.

When we activate the complexity requirements, the minimum length of the password automatically becomes 6. We could not, for example, create a password that was only 5 characters long. In that case it would be considered insecure and Windows would not let us.

However, 6 is still a very low number. Ideally, a password should be at least 10-12 characters long. We can configure the policy this way so that it requires longer passwords and we can be more secure.

Maximum and minimum password age

We will also see two options that indicate the maximum and minimum age (validity) of a password. By default, the first is set to 42 days and the second to 0 days. What does this mean?

Assigning a maximum age means that we will have to change the password before that date. For example, if we set 30 days, or if we leave the default 42 days, once that time passes Windows will require us to set another password, and we will avoid always using the same one.

The minimum age is the minimum time that a password we have created must remain in use. This prevents us from changing the password before that date. However, the ideal is to keep it at 0 and allow us to change it as many times as we want, since it is not a problem.

Store passwords with reversible encryption

If we look at the list of settings that we have within the password policy, one of them is to store passwords with reversible encryption. We can enable it or not, and it is one more option that determines whether we are more or less protected.

In this case, what we do is enable or disable storing passwords in Windows with reversible encryption. This provides support for applications that use protocols that require knowledge of the user’s password for authentication purposes.

Our advice is to never enable this option. It is essentially the same as storing passwords in plain text. It is not ideal, and unless it is necessary for some specific reason, we should leave it as it appears by default.

How to see the new policy work

We have explained how to enable the password policy and what each of the settings in the main list is for. Now it only remains to put it into practice and verify that it really works and fulfills its mission, which is none other than allowing us to have totally secure passwords.

What can we do? Well, there is nothing better than creating a password. To do this we go to Start, Settings, then Accounts, and there we click on Sign-in options. Under “Password” we click Add and enter anything that does not meet the requirements that we have set. For example, 12345.

When we have entered the password and click Next, Windows will show a message indicating that the password we have entered does not meet the requirements of the password policy. This shows us that the policy has indeed been configured correctly.
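Another way to check the configuration, as an added example that is not part of the original article: the script below exports the local security policy with secedit and compares the password settings with the values recommended above (complexity enabled, minimum length of 10, history enabled, a maximum age set, reversible encryption disabled). The temporary file name and the exact thresholds are assumptions made for this example.

```powershell
# Added example: audit the local password policy against the article's recommendations.
# Run from an elevated PowerShell prompt; secedit.exe ships with Windows.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # file name chosen for this example
secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "secedit export failed (exit code $LASTEXITCODE); is the prompt elevated?"
}

# The [System Access] section of the export holds the password policy values.
$policy = @{}
$inSection = $false
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\s*\[(.+)\]\s*$') {
        $inSection = ($Matches[1] -eq 'System Access')
        continue
    }
    # Keep numeric settings only; string values such as account names are skipped.
    if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item -Path $cfg -Force

# Thresholds follow the article's advice (assumed here: length >= 10, history > 0).
$checks = @(
    @{ Key = 'PasswordComplexity';    Want = 'Enabled (1)';     Test = { param($v) $v -eq 1 } }
    @{ Key = 'MinimumPasswordLength'; Want = '10 or more';      Test = { param($v) $v -ge 10 } }
    @{ Key = 'PasswordHistorySize';   Want = 'Greater than 0';  Test = { param($v) $v -gt 0 } }
    @{ Key = 'MaximumPasswordAge';    Want = 'Greater than 0';  Test = { param($v) $v -gt 0 } }
    @{ Key = 'ClearTextPassword';     Want = 'Disabled (0)';    Test = { param($v) $v -eq 0 } }
)

$results = foreach ($c in $checks) {
    $value = $policy[$c.Key]
    [pscustomobject]@{
        Setting  = $c.Key
        Current  = $value
        Expected = $c.Want
        Pass     = ($null -ne $value) -and (& $c.Test $value)
    }
}
$results | Format-Table -AutoSize
```

ClearTextPassword is the name the export uses for the reversible encryption setting, and a MaximumPasswordAge of -1 means passwords never expire, which the script reports as a failed check.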

Ultimately, this is how the Windows password policy works. It is a useful feature for maximizing the security of the passwords that we create in the system, and one more way to stay protected and avoid problems.