Therefore, if we ask ourselves what the Windows password policy is for and why we should use it, the answer is clear: security. If we want to avoid intruders and minimize the probability that the password will be found, it is a good idea.
How to access the password policy
First of all we have to go to Local Group Policy Editor. To do this, just press the Windows + R key combination and run gpedit.msc. We can also right-click on the Start button and click Run.
When we are inside we must go to Computer Configuration, Windows Settings, Security Settings and Account Policies. We have to open this folder and others will appear. The one that interests us is the password policy.
A menu will appear with all the possible configurations. They will basically be the elements that we will be able to enable and configure within the Windows password policy. It is the main part of all this and we will see it as it appears in the image below.
Enable requirements and settings
After explaining how we can access the Windows password policy, we are going to talk about each of the features. All of them will help to make the key that we believe is as secure as possible and that it meets all the requirements to keep possible intruders away.
Of course, we must bear in mind that all these requirements that we are going to see and that we can enable or not, will not be applied with the passwords that we already have created. Therefore, if we want to improve security, it is advisable to change the password once we configure this correctly.
Password must meet complexity requirements
First of all, we must activate the feature “The password must meet the complexity requirements.” By default it will be disabled. Basically it is what will allow the new password that we create, or when changing an existing password, meet the requirements such as length or use of upper and lower case letters, numbers and other characters.
These last parameters that we mention are what will really give complexity to an access key. We should not create one that only has letters or even letters and numbers; Ideally, it should also have an additional symbol, such as “%”, “&”, “$” …
If we click and click on Properties and then go to Explanation, we will see the information related to this feature.
Require password history
This is interesting to ensure that we create unique passwords and that they do not repeat themselves. Let’s say that a while ago we used a password and it was leaked for some reason. We created a different one but when we changed it again we put the same one that was leaked a long time ago.
By demanding password history, Windows will not let us put a password that we already put previously. By default it will not save passwords, but we can put a number for it to do so. For example “20” and remember the last 20 keys that we have put.
Minimum password length
Another very important factor is the password length. Simply by adding a letter, a number or an additional symbol to a password, we will make it much more secure. Therefore, the amount we put in is going to be essential.
When we activate the complexity requirements, automatically the minimum length of that password becomes 6. We could not, for example, create a password that was only 5 characters long. In that case it would be considered unsafe and would not let us.
Now 6 is still a very low number. Ideally, you should have at least 10-12 characters. We can configure it in this way and require us to have passwords that are longer and we can be more secure.
Maximum and minimum validity of the password
We will also see that two options appear that indicate the maximum and minimum validity of a key. By default, the first case is marked at 42 days and the second at 0 days. What does this mean?
Assign a maximum validity it means that we will have to change the password before that date. For example, if we put 30 days or if we leave the 42 days that are predetermined, once that time passes Windows will require us to put another password and we will avoid always using the same one.
In the case of minimum validity, this means that it is the minimum time that a key that we have created will be valid. In this way we will avoid changing the password before that date. However, this is ideal to keep it at 0 and allow us to change it as many times as we want, since it is not a problem.
Store passwords with reversible encryption
If we look at the list of features that we have within the password directive, one of them is to store passwords with reversible encryption. We can activate it or not and it is one more option that can determine security and be more or less protected.
In this case, what we do is enable or disable Windows to store passwords with reversible encryption. This will provide support for applications that use protocols that require knowledge of the user’s password for authentication purposes.
Our advice is never enable this option. It basically means the same as having plain text passwords stored. It is not ideal and unless it is necessary for some reason and interests us, we should leave it as it appears by default.
How to see the new policy work
We have explained how to enable the password policy and what each of the sections that we will see in the main menu are for. Now it only remains to put it into practice and verify that it really works and will fulfill its mission, which is none other than allowing us to have totally secure passwords.
What can we do? Well there is nothing better than Create a password. To do this we have to go to Start, Settings, we go to Accounts and there we click on Login Options. In “Password” we give Add and put anything that does not meet the requirements that we have set. For example 12345.
When we have created the password and click Next, it will send us a message indicating that the password we have entered does not meet the requirements of the password policy. This will show us that it has indeed been configured correctly.
Ultimately, this is how the Windows password policy works. It is an interesting feature to maximize the security of the keys that we create in the system. One more way to be protected and avoid problems.