How Do I Set a Proper Password Complexity Policy in a Windows OS?

A proper password complexity policy would be: eight characters for the length of a password and at least three types of the following characters used: uppercase letters, lowercase letters, digits, and special characters.

Perform the following steps to set a local security policy:

1. Log in to the OS as user Administrator. Choose Start > Control Panel > System and Security > Administrative Tools. In the Administrative Tools folder, double-click Local Security Policy.
   

   • Alternatively, click Start and type secpol.msc in the Search programs and files box.
   • When a policy is applied to a server, the domain policy takes precedence over the locally defined policy on the server.

2. Choose Account Policies > Password Policy and perform the following operations.
   • Double-click Password must meet complexity requirements, select Enable, and click OK to enable the policy.
   • Double-click Minimum password length, enter the length (greater than or equal to 8), and click OK to set the policy.

3. Press Windows+R to open the Run window.
4. Enter cmd and click OK. The command prompt window is displayed.
5. Run the following command to refresh policies:

   gpupdate/force

   After the refreshing, the settings will be applied.