Help Center/ Host Security Service/ FAQs/ Baseline Inspection/ How Do I Set a Proper Password Complexity Policy in a Windows OS?
Updated on 2024-06-28 GMT+08:00

How Do I Set a Proper Password Complexity Policy in a Windows OS?

A proper password complexity policy would be: eight characters for the length of a password and at least three types of the following characters used: uppercase letters, lowercase letters, digits, and special characters.

Perform the following steps to set a local security policy:

  1. Log in to the OS as user Administrator. Choose Start > Control Panel > System and Security > Administrative Tools. In the Administrative Tools folder, double-click Local Security Policy.

    • Alternatively, click Start and type secpol.msc in the Search programs and files box.
    • When a policy is applied to a server, the domain policy takes precedence over the locally defined policy on the server.

  2. Choose Account Policies > Password Policy and perform the following operations.

    • Double-click Password must meet complexity requirements, select Enable, and click OK to enable the policy.
    • Double-click Minimum password length, enter the length (greater than or equal to 8), and click OK to set the policy.

  3. Press Windows+R to open the Run window.
  4. Enter cmd and click OK. The command prompt window is displayed.
  5. Run the following command to refresh policies:

    gpupdate/force

    After the refreshing, the settings will be applied.