For your security, Microsoft already requires a minimum password length for all Microsoft accounts. If you want to strengthen all local accounts, you can set a minimum password length for each user in Windows 10. Here’s how.
By default, when you create a new local user on Windows 10, the account does not require a password. However, if you want to implement a minimum password length for everyone, there are two ways to enforce this prerequisite for the security of your computer.
Private users: define a minimum password length via the command line
First, you will need to run an elevated command prompt instance. If you prefer to use PowerShell, you can also use it. The following command works almost the same on both programs, but be sure to click “Run as administrator” if you choose to use PowerShell.
Click the Start button, type “cmd” in the search box, right-click the result “Command Prompt”, then select “Run as administrator”.
At the prompt, type the following command (replacing “PassLength” with the minimum password length you want to apply):
net accounts / minpwlen: PassLength
Press the Enter key and you will see a prompt telling you that the command has completed successfully.
Note: While you can technically choose anything from 1 to 20 characters, try to choose something that provides adequate security and doesn’t make it too difficult for users to remember their passwords.
Now, if you want to make sure it has been applied, type the following command, then hit the Enter key to check:
To remove the minimum password length, type the following command to remove the passwords required for local accounts:
net accounts / minpwlen: 0
To make your accounts even more secure, you can apply a maximum password age, which forces users to generate a new password after a certain time.
Pro and Enterprise users: set a minimum password length via group policy
For those who don’t want to mess around with the command prompt or if you’re more comfortable with a graphical interface, Windows 10 Professional and Enterprise users can take advantage of the local Group Policy Editor. It’s a pretty powerful tool, so if you’ve never used it before, it’s worth taking some time to learn what he can do.
In addition, if you are on a corporate network, do everyone a favor and consult your administrator first. If your work computer is part of a domain, it is also likely to be part of a domain group policy that will replace local group policy anyway.
You should also make a system restore point before continuing. Windows will likely do this automatically when you install the anniversary update. Still, it couldn’t hurt to do one manually – that way, if something is wrong, you can always go back.
First, launch the Group Policy Editor by pressing Windows + R, typing “gpedit.msc” in the box, then pressing the Enter key.
Go to Computer Configuration> Windows Settings> Security Settings> Account Policies> Password Policy.
Once here, locate the “Minimum password length” setting and double-click it.
In the properties menu that opens, enter the minimum length of the password you want to apply and click “OK” when you are finished.
As a bonus, if you want to enable password complexity requirements, you can have users create a much more secure password that must meet specific criteria. Windows applies these complexity requirements when users change or create passwords.
If enabled, passwords must meet the following criteria:
Must not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
Make at least six characters.
Contains characters from three of the following four categories:
English capital letters (A to Z).
Lowercase English characters (a to z).
10-digit base (0 to 9).
Non-alphabetic characters (for example,!, $, #,%).
Double-click “Password must meet complexity requirements” to open the properties menu.
When the properties menu opens, click on the radio button next to “Enabled”, then select the “OK” button when you are finished.
That’s all we can say about it. You can now close the Group Policy Editor. Changes to this policy become effective immediately and do not require restarting your device.