Microsoft’s suite of software and online services includes a minimum password length requirement. Some of them even require the inclusion of special characters. Windows 10 has a set of guidelines, but they don’t apply to local user accounts. Yes, you can create a local user account even without a password. However, it is dangerous. Therefore, we recommend that you set a minimum password length for your user account on your Windows 10 computer.
First let’s see how we can enforce a minimum password length requirement for local user accounts in Windows 10. Then we’ll see why you should.
Let’s get started.
Why you need a minimum password length for local user accounts
The short answer is privacy and security. I bet you know. Creating a local user account on the same computer allows you to access Windows offline without needing a Microsoft account. Local user accounts are local and do not require an Internet connection to allow access. That means account settings won’t sync between devices and everything will stay offline. Some users prefer it that way. You can still sign in to Windows apps and services, but not using a Microsoft account in Windows 10.
Microsoft has not added a minimum password length policy to local user accounts by default. You can turn that option on, but it’s hidden inside the Registry Editor and Group Policy Editor.
Someone with access to your computer can easily switch to this local user account and gain access to every nook and cranny on your hard drive. You don’t want that to happen. You may want to keep everything offline and not tied to a Microsoft account for various reasons. But there are also offline threats. Whether you’re at home, at the office, or at a cafe, anyone can physically access your computer and ruin your life.
Using a password would solve that, but people often use dumb passwords. Some popular examples of ‘dumb passwords’ are date of birth, license plate or house number and even 1234. Here the length of the password can be used. Forcing users to use longer passwords is always better. The FBI recommends that longer passwords, even with simple letters or numbers, are better than short passwords with special characters.
Related: How to get macOS Dynamic Wallpaper on Windows 10
The idea is simple but it makes sense. Longer passwords offer more possible combinations, making them harder to crack but easier to remember. This is because it will require more computing power and therefore more time to crack a longer password. And there is academic research that supports this theory.
This method is intended for Windows 10 Home users. Find and open Command Prompt (CMD) with administrator rights from the Start menu.
Here is the command to increase the minimum password length requirement. Replace the ‘PassLength’ text below with the minimum number of characters you want to use in the new password and press Enter.
net accounts /minpwlen:PassLength
Do you want to check if the command works? One way is to create a new local account and set a password that is shorter than the specified length. Another way is to issue the following command in CMD.
net accounts
You should see the minimum password length set here, among other things. That’s it. A local account will now require a minimum length password.
To remove the minimum password length requirement, issue the following command.
net accounts /minpwlen:0
This method is suitable for Windows Pro and Enterprise users who have access to GPE or Group Policy Editor. GPE includes a GUI, or graphical user interface, that lets you make system-level changes without having to fiddle with commands. However, caution is needed as things can go wrong.
I recommend making a backup or creating a restore point before proceeding. If you work for a company and have an IT administrator, check with them for more details, as domain policy will take precedence over your system policy.
Find the gpedit.msc in the Windows Start menu and open it.
Drill down into the following folder structure.
Computer Configuration\Windows Settings\Security Settings\Account policies\Password Policy
Remember: If you enter the value as 0 (zero), it means that no password is required for the local user account.
Enter the new value for the minimum password length in characters, click Apply and OK to save everything.
Do you want to have the best of both worlds? You can also force users to use special characters in their passwords. You can also force them to change their passwords every X days.
Related: How to change the login screen image in Windows 10
Double click to open the ‘Password must meet policy complexity requirements’ option.
Select Enable and save everything. These are the standards that will be applied by this policy:
- Password length as you prescribed in the previous step. The default is 6 characters.
- It cannot contain a user account name or full name that exceeds two consecutive characters.
- Must contain at least one (1) character:
- Uppercase letters (A to Z)
- Lowercase letters (a to z)
- Digits (0 to 9)
- special characters (!, @, #, $)
To force the user to change the password every X days, double-click to open the Maximum Password Age policy file.
Enter the number of days after the user is prompted to change their local user account password. These additional controls are there to improve security, but it can be a pain to remember new passwords. This can be overwhelming, especially for older people who have difficulty working with computers and remembering passwords. So set a favorable number like 45 days or 90 days.
Maximum Security Measures
Carefully set minimum password length criteria. You may want to find a balance between ease, ease of use, and security. A lot depends on where you work, the technical skill range of the users working on these computers, and how much you want to protect what’s on that HDD/SSD. This can be a hassle if you share the computer with someone in your family.
Fortunately, Microsoft has made things very flexible recently by giving administrators more control over how various aspects of local and online accounts are managed.
Next: Accidentally deleted an administrator account in Windows 10? Click the link below for information on how to recover a deleted administrator account. Better yet, learn how to avoid that situation altogether.