For your security, Microsoft already requires a minimum password length for all Microsoft accounts. Should you want to reinforce all local accounts, you can set a minimum password length for each user on Windows 10. Here’s how.
By default, when you create a new local user on Windows 10, the account doesn’t require a password. However, if you want to implement a minimum password length for everyone, there are a couple of ways to apply this prerequisite for the safety of your computer.
Home Users: Set a Minimum Password Length Via Command Line
First, you’ll need to run an elevated instance of Command Prompt. If you prefer using PowerShell, you can use that as well. The following command works virtually the same on either program, but be sure to click “Run As Administrator” if you choose to use PowerShell.
Click the Start button, type “cmd” into the search box, right-click on the “Command Prompt” result, and then select “Run As Administrator.”
At the prompt, type the following command (replacing “PassLength” with the minimum password length you want to apply):
net accounts /minpwlen:PassLength
Press the Enter key, and you’ll see a prompt telling you the command completed successfully.
Note: While you can technically choose anything from 1-20 characters in length, try to choose something that provides adequate security and doesn’t make it too difficult for users to remember their passwords.
Now, if you want to make sure it’s been applied, type in the following command and then press the Enter key to check:
To remove minimum password length, type in the following command to remove mandatory passwords for local accounts:
net accounts /minpwlen:0
To make your accounts even more secure, you can enforce a maximum password age, which gets users to generate a new password after a length of time.
Pro and Enterprise Users: Set a Minimum Password Length Via Group Policy
For anyone that doesn’t want to mess around with Command Prompt or if you feel more comfortable with a graphical interface, Windows 10 Pro and Enterprise users can take advantage of the Local Group Policy Editor. It’s a pretty powerful tool, so if you’ve never used it before, it’s worth taking some time to learn what it can do.
Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway.
You should also make a System Restore point before continuing. Windows will probably do this automatically when you install the Anniversary Update. Still, it couldn’t hurt to make one manually–that way, if something goes wrong, you can always rollback.
First, launch the group policy editor by pressing Windows+R, typing “gpedit.msc” into the box, and then pressing the Enter key.
Navigate to Computer configuration > Windows settings > Security settings > Account policies > Password policy.
Once here, locate the setting “Minimum Password Length” and double-click on it.
From the properties menu that opens, type in the minimum password length you want to apply and click “OK” when you finish.
As a bonus, if you want to enable password complexity requirements, you can make users create a much more secure password that must meet specific criteria. Windows enforces these complexity requirements when users next change or create passwords.
If enabled, passwords must meet the following criteria:
- Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
- Be at least six characters in length.
- Contain characters from three of the following four categories:
- English uppercase characters (A through Z).
- English lowercase characters (a through z).
- Base 10 digits (0 through 9).
- Non-alphabetic characters (for example, !, $, #, %).
Double-click “Password must meet complexity requirements” to open up the properties menu.
When the properties menu opens, click the radio button next to “Enabled” and then select the “OK” button when you’re finished.
That’s all there is to it. You can now close the Group Policy Editor. Changes made to this policy become active immediately and don’t require a restart of your device.