How to Set Minimum Password Length in Windows 10 and Why Should You Set It


Microsoft’s software and online services enforce a minimum password length. Some of them even require special characters. Windows 10 has its own set of guidelines, but they don’t apply to local user accounts. Yes, you can create a local user account without any password at all. However, that is risky. We therefore recommend that you set a minimum password length for user accounts on your Windows 10 computer.

Let’s see how we can enforce a minimum password length requirement for local user accounts in Windows 10 first. Then we will see why you should do it.

Let’s start.

Why you need a minimum password length for local user accounts

The short answer is privacy and security. I bet you know that. Creating a local user account on the computer allows you to use Windows offline without the need for a Microsoft account. Local user accounts live on the device itself and do not need internet connectivity to allow access. This means that account settings will not be synced across your devices and everything will stay offline. Some users prefer it that way. You can still sign in to Windows apps and services, but without using a Microsoft account on Windows 10.

By default, Microsoft has not added a minimum password length policy to local user accounts. You can enable this option, but it is hidden deep in the Registry Editor and the Group Policy Editor.



Anyone with access to your computer could easily switch to this local user account and access every nook and cranny on the hard drive. You don’t want this to happen. You may want to keep everything offline and not linked to a Microsoft account for a variety of reasons. But there are also offline threats. Whether you are at home or in an office or cafe, anyone could physically access your computer and wreak havoc in your life.

Using a password solves that, but people often use stupid passwords. Some popular examples of “stupid passwords” are dates of birth, house or license plate numbers, and even 1234. This is where password length comes in handy. Forcing users to use a longer password is always better. The FBI advises that longer passwords, even with simple letters / numbers, are better than short passwords with special characters.



The idea is simple but logical. A longer password offers more possible combinations, which makes it harder to crack while remaining easier to remember. Indeed, it takes more computing power, and therefore more time, to crack a longer password. And there is academic research to support this theory.

1. Set the minimum password length using CMD

This method is intended for Windows 10 Home users. Find and open the command prompt (CMD) with administrator rights from the Start menu.



Here is the command to increase the minimum password length requirement. Replace the text “PassLength” below with the minimum number of characters you want to use in the new password and press Enter.

net accounts /minpwlen:PassLength

Do you want to check if the command worked? One way is to create a new local account and try to set a password that is shorter than the defined length. Another way is to run the command below in CMD.

net accounts


You should see the minimum password length prescribed here, among others. That’s it. A local account will now require a password of minimum length.

To remove the minimum password length requirement, run the command below.

net accounts /minpwlen:0

2. Set the minimum password length using the Group Policy Editor

This method is suitable for Windows Pro and Enterprise users who have access to GPE, the Group Policy Editor. GPE comes with a graphical user interface, which allows you to make system-level changes without having to mess around with commands. However, caution is advised as things could go wrong.

I would recommend making a backup or creating a restore point before continuing. If you work in a company and have an IT administrator, check with them for more details, as the domain policy will take precedence over your system policy.

Search for gpedit.msc in the Windows Start menu and open it.



Access the folder structure below.

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy


Double-click the Minimum password length policy to open it. You will notice that it indicates 21 characters on the right, which is the value we defined in the CMD step above.

Note: If you enter the value 0 (zero), it means that no password is required for the local user account.



Enter the new value for the minimum password length in characters, click Apply and OK to save everything.

Do you want to have the best of both worlds? You can also force users to use special characters in their passwords. You can also force them to change their passwords every X days.

Double-click to open the option “Password must meet complexity requirements”.



Select Enabled and save your changes. Here are the criteria that will be applied via this policy:

  • Password length as prescribed by you in the above step. The default value is 6 characters.
  • It cannot contain the user's account name, or any part of the user's full name that exceeds two consecutive characters.
  • Must contain at least one (1) character:
    • Capital letters (A to Z)
    • Lowercase (from a to z)
    • Numbers (0 to 9)
    • special characters (!, @, #, $)

To force the user to change the password every X days, double-click to open the Maximum password age policy.



Enter the number of days after which the user will be prompted to change the password for their local user account. These additional controls are there to improve security, but it can be difficult to remember new passwords. This may be a little too much, especially for older adults who find it difficult to work with computers and remember passwords. So pick a reasonable number, such as 45 days or 90 days.
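One way to confirm all three settings covered above (minimum length, complexity, maximum age) in a single pass, as an added PowerShell example that is not part of the original article. It reads the local policy through a secedit export instead of the editor; the baseline numbers and the function names are assumptions for illustration.

```powershell
# Added example: audit the local password policy against a baseline.
# Baseline values are assumptions; adjust them to your own requirements.
$Baseline = @{
    MinimumPasswordLength = 12   # same setting as "net accounts /minpwlen"
    PasswordComplexity    = 1    # 1 = "Password must meet complexity requirements" enabled
    MaximumPasswordAge    = 90   # days; the article suggests 45 or 90
}

function Get-LocalPasswordPolicy {
    # secedit writes the local security policy to an INF file (run elevated).
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed; run from an elevated prompt." }
        $policy = @{}
        foreach ($line in Get-Content -Path $cfg) {
            # Numeric settings look like "MinimumPasswordLength = 8"
            if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
                $policy[$Matches[1]] = [int]$Matches[2]
            }
        }
        return $policy
    }
    finally {
        # The export describes the machine's security posture; do not leave it behind.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

function Test-PasswordPolicy {
    param([hashtable]$Policy, [hashtable]$Baseline)
    $findings = @()
    if ($Policy.MinimumPasswordLength -lt $Baseline.MinimumPasswordLength) {
        $findings += "Minimum length is $($Policy.MinimumPasswordLength), expected at least $($Baseline.MinimumPasswordLength)"
    }
    if ($Policy.PasswordComplexity -ne $Baseline.PasswordComplexity) {
        $findings += "Complexity requirements are not enabled"
    }
    # A non-positive age is treated here as "passwords never expire".
    $age = $Policy.MaximumPasswordAge
    if ($age -le 0 -or $age -gt $Baseline.MaximumPasswordAge) {
        $findings += "Maximum password age is $age, expected 1 to $($Baseline.MaximumPasswordAge) days"
    }
    return $findings
}

$findings = Test-PasswordPolicy -Policy (Get-LocalPasswordPolicy) -Baseline $Baseline
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { "Password policy meets the baseline." }
```

A minimum length of 0 shows up as a finding here, which is the state the note above describes as requiring no password at all.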

Maximum security measures

Carefully define the minimum password length criteria. You may want to strike a balance between ease, usability and security. A lot will depend on where you work, the technical skill set of the users who work on these computers, and the amount of protection you want to bring to this hard drive / SSD. This can become a nuisance if you share the computer with a family member.

Fortunately, Microsoft recently made things very flexible by giving administrators more control over the management of different aspects of local and online accounts.


Last updated March 6, 2020
