How to Enforce Secure Password Policy in Windows 7 and 8

We rely on security features like two-factor authentication to safeguard our online data, but we tend to ignore the password policy of our personal computers (I doubt many know what it is exactly). Your Windows logon password is just as important, if not more so, and not paying attention to it is not a wise thing to do.


It’s not that Windows doesn’t provide the options to make the password policy stronger; it’s just that most of us are not aware of the feature. We set passwords at our convenience and then forget to change them on a regular basis.

So let me show you all the password policies that you can apply in Windows 7 and 8 to increase your computer’s security. We will also try to understand what these policies mean and how they work.

Enforcing Secure Password Policy

Open the Start Menu and type in Local Security Policy to search for and open it. When the window opens, navigate to Security Settings –> Account Policies –> Password Policy. Here you will see all the password rules that you can enforce on all the accounts configured on the system.


So let’s have a look at what each of these policies means and how to configure them.

Enforce Password history

This policy keeps a record of the passwords you have used on your computer. The next time you change your password, Windows checks it against that history and, if you are reusing one of your old passwords, compels you to choose a new one. Windows can remember the last 24 passwords, but remembering the last 8 is a sensible setting. To configure it, open the policy and set a value between 0 and 24.

Maximum Password Age

This policy determines how many days you can use a password before you are forced to change it. The maximum password age can be set between 1 and 999 days. If the user does not change the password within that period, the system forces a change at the next logon.


To disable the policy, simply change the value to 0 and the user’s password would never expire.

Minimum Password Age

This policy sets the minimum number of days a user must keep a password before they can change it again, which stops a user from cycling through passwords in one sitting to get back to an old favourite. Ideally the value should not be more than 1 day, but just like the Maximum Password Age it can be set to any number between 1 and 999 days. Make sure the value is less than the maximum password age, or users will never be allowed to change their password.

Minimum Password Length

As the name implies, this policy makes sure that users’ passwords are of an adequate length. A password should be at least 8 characters long, but the policy accepts any value between 1 and 14.

Password Must Meet Complexity Requirements

This is one of the most important settings to configure if you want users to choose passwords that are difficult to guess or crack.


If this policy is enabled, passwords must meet the following minimum requirements:

  • Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
  • Be at least six characters in length
  • Contain characters from three of the following four categories:
      • English uppercase characters (A through Z)
      • English lowercase characters (a through z)
      • Base 10 digits (0 through 9)
      • Non-alphabetic characters (for example, !, $, #, %)

Complexity requirements are enforced when passwords are changed or created.

Store Password Using Reversible Encryption

This security setting determines whether the operating system stores passwords using reversible encryption. I don’t know much about the technical details related to the policy, but the bottom line is that it will encrypt the password when it’s stored on the system.
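To check how a machine is actually configured, the following PowerShell audit is an added example and not part of the original post: it exports the local policy with secedit (built into Windows 7 and 8), reads the six settings above from the [System Access] section, and compares them with the values recommended in this article. The last check expects reversible encryption to remain disabled, which is the Windows default.

```powershell
# Added example (not from the original post): audit the six Password Policy
# settings against the article's recommended values via a secedit INF export.
# Run from an elevated PowerShell prompt; secedit needs administrator rights.
$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
if (-not (Test-Path $inf)) { throw 'secedit export failed; run as administrator' }

# Parse the "Key = Value" lines of the [System Access] section into a hashtable.
$current = @{}
$inSection = $false
foreach ($line in Get-Content $inf) {
    if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
    if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $current[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $inf -ErrorAction SilentlyContinue

# Expected values: history >= 8, max age 1..999 days (the export writes -1 for
# "never expires"), min age >= 1 but below the max age, length >= 8,
# complexity on, reversible ("clear text") storage off.
$maxAge = $current['MaximumPasswordAge']
$checks = @(
    @{ Name = 'Enforce password history';        Key = 'PasswordHistorySize';   Ok = { param($v) $v -ge 8 } },
    @{ Name = 'Maximum password age';            Key = 'MaximumPasswordAge';    Ok = { param($v) $v -ge 1 -and $v -le 999 } },
    @{ Name = 'Minimum password age';            Key = 'MinimumPasswordAge';    Ok = { param($v) $v -ge 1 -and $v -lt $maxAge } },
    @{ Name = 'Minimum password length';         Key = 'MinimumPasswordLength'; Ok = { param($v) $v -ge 8 } },
    @{ Name = 'Complexity requirements';         Key = 'PasswordComplexity';    Ok = { param($v) $v -eq 1 } },
    @{ Name = 'Reversible encryption (keep off)';Key = 'ClearTextPassword';     Ok = { param($v) $v -eq 0 } }
)

# Print one PASS/FAIL line per setting and a summary count.
$failed = 0
foreach ($c in $checks) {
    $value = $current[$c.Key]
    $pass = ($null -ne $value) -and (& $c.Ok $value)
    if (-not $pass) { $failed++ }
    '{0,-5} {1,-32} {2} = {3}' -f $(if ($pass) { 'PASS' } else { 'FAIL' }), $c.Name, $c.Key, $value
}
"$failed of $($checks.Count) settings need attention"
```

Settings that fail can be corrected in Local Security Policy as described above, or on the command line with net accounts (for example `net accounts /minpwlen:8 /uniquepw:8`); the complexity and reversible-encryption switches have no net accounts flag and must be set in the policy editor or with secedit /configure.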

Conclusion

So these were the 6 policies you can enable on your Windows system to make sure that a secure password policy is applied and your data remains safe from unauthorized access.

These policies might not seem that useful to a home user, but if you are running a small business with Windows PCs in your office, it is important that you, as the administrator, enable them for all users.
