We rely on security features like 2-factor authentication to safeguard our online data, but we tend to ignore the password policy of our personal computers (I doubt many know what it is exactly). Your Windows logon password is just as important, if not more so, and ignoring it is not a wise thing to do.
It’s not that Windows doesn’t provide the option to make the password policy stronger; it’s just that most of us are not aware of the feature. We set passwords at our convenience and then forget to change them regularly.
So let me show you all the password policies that you can apply in Windows 7 and 8 to increase your computer’s security. We will also try to understand what these policies mean and how they work.
Enforcing Secure Password Policy
Open the Start Menu and type in Local Security Policy to search for and open it. When the window opens, navigate to Security Settings –> Account Policies –> Password Policy. Here you will see all the password rules that you can enforce on every account configured on the system.
So let’s have a look at what each of these policies means and how to configure them.
Enforce Password history
This policy keeps track of the passwords you have used on your computer and stores them in a history. The next time you change your password, Windows will check it against that history and reject any of your old passwords, compelling you to pick a new one. Windows can remember the last 24 passwords, but it’s ideal to set it to remember the last 8. To set the value, open the policy and choose a number between 0 and 24.
Maximum Password Age
This policy determines how many days a user can keep a password before being forced to change it. The maximum password age can be set to anything between 1 and 999 days. When a user forgets to change the password within that period, the system forces the user to change it.
To disable the policy, simply change the value to 0; the user’s password will then never expire.
Minimum Password Age
This policy sets the minimum number of days a user must keep a password before it can be changed again. Ideally the value should not be more than 1 day, but just like Maximum Password Age it can be set to a number between 1 and 999 days. Make sure, however, that the value is less than the Maximum Password Age value.
Minimum Password Length
As the name implies, this policy makes sure that users’ passwords are of an adequate length. A password should ideally be at least 8 characters long, but the value can be anything between 1 and 14.
Password Must Meet Complexity Requirements
This is one of the most important settings to configure if you want users to choose secure passwords that are hard to guess.
If this policy is enabled, passwords must meet the following minimum requirements:
Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
Be at least six characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.
Store Password Using Reversible Encryption
This security setting determines whether the operating system stores passwords using reversible encryption. I don’t know much about the technical details related to the policy but the bottom line is that it will encrypt the password when it’s stored on the system. Because that stored form can be decrypted back to the original password, the policy should stay disabled unless an application specifically requires it.
These policies may not matter much to a normal home user, but if you run a small business with Windows PCs in your office, it is important that you, as the admin, enable them for all users.
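To check whether a PC actually matches the values recommended above, here is an added PowerShell audit script (my own example, not part of the original article). It assumes an elevated PowerShell prompt on Windows 7/8 or later and uses the built-in secedit.exe export, whose [System Access] keys map one-to-one onto the policies described on this page.

```powershell
# Added example: audit the local Password Policy against the article's recommendations.
# Assumes an elevated PowerShell session; secedit.exe and its INI keys are built into Windows.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
& secedit.exe /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
if (-not (Test-Path $cfg)) { throw "secedit export failed; run this from an elevated prompt." }

# Parse the [System Access] section of the exported INF into a hashtable.
# Numeric values become [int]; the few string values (account names) are kept as text.
$policy = @{}
$inSection = $false
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
    if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
        $policy[$Matches[1]] = if ($Matches[2] -match '^-?\d+$') { [int]$Matches[2] } else { $Matches[2] }
    }
}
Remove-Item $cfg -Force

# One check per policy: the secedit key, the value the article recommends, and a pass condition.
# MaximumPasswordAge is -1 in the export when passwords never expire (the policy's "0" setting).
$checks = @(
    @{ Name = 'Enforce password history'; Key = 'PasswordHistorySize';   Want = '>= 8';       Test = { $args[0] -ge 8 } },
    @{ Name = 'Maximum password age';     Key = 'MaximumPasswordAge';    Want = '1-999 days'; Test = { $args[0] -ge 1 -and $args[0] -le 999 } },
    @{ Name = 'Minimum password age';     Key = 'MinimumPasswordAge';    Want = '>= 1, < max'; Test = { $args[0] -ge 1 -and $args[0] -lt $policy['MaximumPasswordAge'] } },
    @{ Name = 'Minimum password length';  Key = 'MinimumPasswordLength'; Want = '>= 8';       Test = { $args[0] -ge 8 } },
    @{ Name = 'Complexity requirements';  Key = 'PasswordComplexity';    Want = 'Enabled (1)'; Test = { $args[0] -eq 1 } },
    @{ Name = 'Reversible encryption';    Key = 'ClearTextPassword';     Want = 'Disabled (0)'; Test = { $args[0] -eq 0 } }
)

$results = foreach ($c in $checks) {
    $value = $policy[$c.Key]
    $ok = if ($null -eq $value) { $false } else { & $c.Test $value }
    [pscustomobject]@{
        Setting     = $c.Name
        Current     = $value
        Recommended = $c.Want
        Status      = if ($ok) { 'OK' } else { 'REVIEW' }
    }
}
$results | Format-Table -AutoSize
```

Any row marked REVIEW can be corrected in the Local Security Policy window exactly as described above; the script only reads the current settings and changes nothing.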