How to Force Windows 10 Users to Change Passwords Regularly

[nir]

Keep accounts secure with periodic password changes

Changing passwords for your accounts is one of the best security practices, as this could help prevent the data from being compromised even if a password is exposed to hackers.

While this is something you can do for pretty much every account, on Windows 10, you can not only set policies to force a password change every once in a while, but also to force the other users accessing your computer to do the same.

It goes without saying that this trick comes in handy specifically for IT pros and IT admins, but at the same time, it can also help protect home users from potential hacks.

As expected, doing this isn’t really straightforward, though as you’ll discover in the next few paragraphs, it all comes down to just a few steps depending on the method you choose.

And speaking of methods, there are two of them and you can use whatever you like, though for the Group Policy you need Windows 10 Pro. In both cases, an administrator account is required.

Method #1 – Using the Group Policy Editor

First and foremost, you need to launch the Group Policy Editor by typing its name or gpedit.msc either in the Start menu or in Windows key + R.

Navigate to the following path in the Group Policy Editor:

Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy

In the right side of the screen, you need to locate a policy that is called:

Maximum password age

Double-click this policy to change its settings and provide the number of days that you want to use before it expires. You can enter any number between 1 and 999, or simply input 0 if you don’t want passwords to expire. Microsoft recommends choosing a number between 30 and 90 days. Microsoft provides additional info:

“If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.”

Once you make the changes, close all windows, and the policy should be enabled the next time you reboot your computer. Counting the days for the password change, however, starts from the moment you save the new settings in the policy screen.

 

Method #2 – Using Command Prompt

This time, you’re going to need an elevated Command Prompt (a Command Prompt window launched with administrator privileges), so click the Start menu, type cmd.exe, right-click the result > Run as administrator.

In the active Command Prompt window, you need to run the following command in order to enable the policy that sets passwords to expire after a defined period of time:

wmic UserAccount set PasswordExpires=True

If you just want to enforce the password change policy just for a specific user account, you need to use the following command, but change the username tag with the name of the account:

wmic UserAccount where Name='USERNAME' set PasswordExpires=True

Once the new policy is active, you have to define the number of days that accounts are valid for. To do this, enter the following command and change the XX tag with the number of days you want to use:

net accounts /maxpwage:XX

At this point, the password expiration policy should be up and running with the configured number of days that you mentioned in the previous command. You can review the status of your account and the available settings by typing the following command:

net accounts

 

Source

[The AchieVer]

It’s a useful thing.......... coz people won’t change it out of sheer lethargy 

[Shalsh95]

I never changed my password for about 2 years, it saves the pain thinking of password everytime you login 😅 after sometime you involuntary enter the correct password and it is very comforting not to think of it everytime 😅

While regularly changing the password is a good security practice, its a pain in *** when it comes to reliability 😃

[The AchieVer]

It’s always the best practice to change your password at regular intervals.......

It’s one way of staying one step ahead 🙂

[MrZeb]

Quote

...change your password at regular intervals

 

Not according with the most recent security guidelines...

Quote

Remove periodic password change requirements
This is one that legions of corporate employees forced to create a new password every month will surely be happy about. There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, but the industry has doggedly held on to the practice. Hopefully, these new recommendations will change that.

https://www.passwordping.com/surprising-new-password-guidelines-nist/

https://www.grahamcluley.com/new-nist-guidelines-do-away-with-periodic-password-changes/

[luisam]

Passwords to access Windows makes no real sense for home laptops and computers, specifically if you are the only user, it just annoys users. Options to remove useless passwords should be direct and explicit. I don't want any password and don't want any mandatory option to change periodically my password! I've been trying to remove mandatory PIN from my laptop but somehow available procedures won't work. Once PIN access is removed, it keeps asking for my email and MICROSOFT access, making it even more annoying... so I reinstalled the PIN.

[Kalju]

Oh god, I thought all time  that people are a minded beings!
But is no a minding beings,  it's like a full rock age.

Put a head under the sand and no one sees you? Oh my big god, help us!!!

[MrZeb]

13 hours ago, luisam said:

Passwords to access Windows makes no real sense for home laptops and computers, specifically if you are the only user, it just annoys users. Options to remove useless passwords should be direct and explicit. I don't want any password and don't want any mandatory option to change periodically my password! I've been trying to remove mandatory PIN from my laptop but somehow available procedures won't work. Once PIN access is removed, it keeps asking for my email and MICROSOFT access, making it even more annoying... so I reinstalled the PIN.

 

If you use a Microsoft account to access the system instead of a local account the PIN option is the easiest solution.

With a local account you can choose to have no password.

[Arachnoid]

Quote

Changing passwords for your accounts is one of the best security practices

It has been proved time and again this is totally untrue as forcing people to continually change their passwords actually makes the system security much weaker because in the end the user gets lazy trying to remember a continual changing password.Instead they choose to either modify only part of the password i.e. XXXX1234 to XXXX2345 or even writing it down in plain text and affixing it near the device.

[The AchieVer]

For laziness you could always use a good password manager 🙂

[The AchieVer]

@nir 

I really appreciate your contributions, you silently spread the information everywhere.

🙂

[nir]

3 minutes ago, The AchieVer said:

I really appreciate your contributions

It is you with a discerning eye who sees it this way.  Much obliged.

[The AchieVer]

Just now, nir said:

It is you with a discerning eye who sees it this way.  Much obliged.

Good deeds are generally done silently and surely you are doing your best to spread the information.

Your efforts are very much appreciated.

🙂

[Arachnoid]

59 minutes ago, The AchieVer said:

For laziness you could always use a good password manager 🙂

That requires you to be logged in already........