Windows Password Complexity with gpedit.msc

Posted by JD 12/30/2009 at 16:38

Being a home Windows user doesn't excuse you from good password management practices. The core of that is:

  1. Changing passwords regularly
  2. Having long enough passwords
  3. Having complex enough passwords
  4. Not reusing passwords
  5. Locking accounts for incorrect password attempts

In most companies, password policies are set by the IT guys through an Active Directory Domain Controller. If you have an AD controller at home, you aren’t reading this story anyway.

On Windows 2000 and later, Professional edition or higher, you can use the Local Group Policy Editor on a single machine to enforce these rules just like the IT professionals do. Here is how to do it.

Run gpedit.msc and navigate to Computer Configuration > Windows Settings > Security Settings > Account Policies. The password settings live under Password Policy; the lockout settings are in the sibling folder, Account Lockout Policy. Home editions (Home, Home Premium) do not ship gpedit.msc at all, but the same policy values can still be set there from an elevated command prompt with net accounts (length, age, history, lockout) or secedit (everything, including complexity), and net accounts with no arguments shows what is currently in force on any edition.

As a reference, I like these settings:

  1. Minimum password length: 8 characters (shorter is too trivial to crack; longer is better if you can manage it)
  2. Maximum password age: 63 days (always divisible by 7, so I change passwords on a Tuesday, never a Friday)
  3. Enforce password history: 13 passwords remembered (so the month can't cycle back into the password). Pair it with a Minimum password age of at least 1 day; the local default is 0, and with 0 a user can change the password 14 times in a row and land back on the old one.
  4. Password must meet complexity requirements: Enabled (at least three of upper case, lower case, digits and punctuation, and the password may not contain the account name)
  5. Account lockout threshold: 10 invalid attempts (under Account Lockout Policy; when you set it, also set Account lockout duration and Reset account lockout counter after, and the reset window must not exceed the duration, so 30 minutes for both is a sane starting point)
  6. Store passwords using reversible encryption: Disabled (this is the default; leaving it enabled would store passwords in a form that can be turned back into plaintext)

That ought to cover it.

Is there an easy way to share these settings on a home network without an AD controller?
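Here is the same policy applied from the command line, as an added example that is not part of the original post. It uses secedit, which ships with every Windows edition including Home, to push the six settings above into the local machine's policy, adds a minimum password age so the history setting cannot be trivially bypassed, and the resulting .inf file is exactly what you would copy to the other workgroup machines to get the same policy there without a domain. The file paths under $env:TEMP are my own choice; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post: apply the local password and
# lockout policy with secedit instead of clicking through gpedit.msc.
# Works on Home editions too, which lack gpedit.msc. Requires elevation.

$inf = Join-Path $env:TEMP 'local-pw-policy.inf'   # template we write (assumed path)
$db  = Join-Path $env:TEMP 'local-pw-policy.sdb'   # scratch database secedit needs (assumed path)

# Values mirror the list in the post. MinimumPasswordAge is the one addition:
# with the default of 0, a user can cycle through 14 changes in a minute and
# reuse the old password despite PasswordHistorySize. Days for ages,
# minutes for lockout duration and reset; ResetLockoutCount must be <= LockoutDuration.
$template = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
MaximumPasswordAge = 63
MinimumPasswordAge = 1
PasswordHistorySize = 13
PasswordComplexity = 1
ClearTextPassword = 0
LockoutBadCount = 10
LockoutDuration = 30
ResetLockoutCount = 30
[Version]
signature="$CHICAGO$"
Revision=1
'@

# secedit expects a UTF-16 file when the template declares Unicode=yes.
Set-Content -Path $inf -Value $template -Encoding Unicode

# Apply only the account-policy area so other local security settings are untouched.
secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet
if ($LASTEXITCODE -ne 0) {
    throw "secedit failed with exit code $LASTEXITCODE; check $env:windir\security\logs\scesrv.log"
}

# Show the policy that is now actually in force (net accounts reads the live values).
net accounts

# To carry the policy to another workgroup machine: copy $inf there and run the
# same secedit line. To start from a machine that is already set up instead,
# dump its current policy with:  secedit /export /cfg exported.inf
```

Because the template is a plain text file, it is also the answer to sharing settings without a domain controller: keep one copy of the .inf somewhere on the home network and run the secedit line on each box. The changes take effect for the next password change and the next failed logon; existing passwords are not forced to comply until they expire.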
