Swif's Windows Password Policy helps administrators enforce robust security practices by defining password requirements for Windows devices in your organization. This article outlines each setting you can configure and provides recommendations for optimal security.
Configuration Options
Force a User to Have a Password
Description: Ensures every user account on the device has an active password.
Recommended Setting: Enabled to maximize security.
Minimum Password Length
Description: Specifies the minimum number of characters required for passwords.
Range: 0 to 14 characters.
Recommendation: A length of at least 8-12 characters for enhanced security.
Minimum Password Complexity
The Minimum Password Complexity setting defines the minimum strength required for user passwords on Windows devices.
This control ensures passwords meet a defined level of entropy by evaluating both password length and character diversity (letters, numbers, and symbols).
Stronger passwords increase resistance to brute-force and credential-guessing attacks.
Configuration
Setting | Description |
Minimum Password Complexity | Defines the minimum password strength score required for a valid password. |
Range | |
Default Value | |
Supported Platforms | Windows 10 and later |
Value Guidelines
Value | Behavior |
0 | Allows any password regardless of complexity. |
1–59 | Requires some level of complexity but allows weaker passwords. |
60 (Recommended) | Enforces strong passwords with sufficient length and character variety. |
61–100 | Enforces increasingly strict password complexity requirements. |
Higher values require passwords that are longer and contain more varied characters, which increases their entropy and resistance to attacks.
Best Practices
Use the default value of 60 or higher for most organizations.
Combine this setting with:
Minimum Password Length
Password History
Account Lockout Policies
Apply stricter values for administrative or privileged accounts.
Platform Requirements
Windows 10 or later
Password Complexity
Description: Requires passwords to contain a mix of uppercase letters, lowercase letters, numbers, and special characters.
Recommended Setting: Enabled to improve password strength.
Minimum Password Age
Description: Defines the minimum number of days before a user can change their password again.
Range: 0 to 998 days.
Recommendation: Set according to your organization's security policy. Generally, 1-2 days prevents rapid cycling of passwords.
Maximum Password Age
Description: Specifies the maximum duration (in days) a password can remain active before the user must change it.
Range: 1 to 998 days.
Recommendation: Set this period to 60-90 days to balance security and user convenience.
Password History
Description: Determines how many previously used passwords are remembered, preventing reuse.
Range: 0 to 24 passwords.
Recommendation: Use a higher setting (e.g., 10-24) to prevent users from frequently reusing old passwords.
Failed Attempts Count
Description: Specifies the maximum number of failed login attempts permitted before an account lockout.
Range: 0 to 999 attempts.
Recommendation: A lower number (e.g., 5-10 attempts) enhances security by reducing brute-force risks.
Account Lockout Duration
Description: The duration (in minutes) an account remains locked after reaching the failed attempt threshold.
Range: 0 to 1440 minutes (24 hours).
Recommendation: Choose a period that sufficiently deters unauthorized access attempts without excessively impacting legitimate users, commonly 15-30 minutes.
Best Practices
Regularly update password policies to address emerging threats.
Educate users about the importance of strong, unique passwords.
Monitor account lockouts to detect possible security incidents.
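To confirm that a device actually carries the values recommended in this article, the following added example (not Swif's own tooling) checks an exported local security policy against those ranges. It assumes the Swif settings surface as the standard `secedit` keys in the `[System Access]` section. The Swif-specific 0-100 complexity score and the "Force a User to Have a Password" setting have no such key and are not checked. The sample policy text is constructed.

```powershell
# Added example: audit exported local security policy against this article's recommendations.
# On a managed device (elevated prompt), export real input with:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   $policyText = Get-Content "$env:TEMP\secpol.inf" -Raw
# Constructed sample of the [System Access] section, so the script runs offline.
$policyText = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 180
MinimumPasswordLength = 6
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
LockoutDuration = 30
'@

# Recommended ranges from this article; the mapping to secedit key names is an assumption.
$recommended = [ordered]@{
    MinimumPasswordLength = @{ Min = 8;  Max = 14 }   # at least 8-12; the setting tops out at 14
    PasswordComplexity    = @{ Min = 1;  Max = 1  }   # 1 = Enabled
    MinimumPasswordAge    = @{ Min = 1;  Max = 2  }   # days
    MaximumPasswordAge    = @{ Min = 60; Max = 90 }   # days
    PasswordHistorySize   = @{ Min = 10; Max = 24 }   # remembered passwords
    LockoutBadCount       = @{ Min = 5;  Max = 10 }   # failed attempts before lockout
    LockoutDuration       = @{ Min = 15; Max = 30 }   # minutes
}

function Test-PasswordPolicy {
    param([string]$InfText, [System.Collections.IDictionary]$Ranges)
    # Parse "Key = Value" lines into a lookup table; -1 (never/unlimited) is kept as-is.
    $actual = @{}
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') { $actual[$Matches[1]] = [int]$Matches[2] }
    }
    # Emit one result row per recommended setting.
    foreach ($key in $Ranges.Keys) {
        $range = $Ranges[$key]
        $value = $actual[$key]
        if ($null -eq $value) { $status = 'MISSING' }
        elseif ($value -lt $range.Min -or $value -gt $range.Max) { $status = 'FAIL' }
        else { $status = 'OK' }
        [pscustomobject]@{ Setting = $key; Actual = $value
                           Recommended = "$($range.Min)-$($range.Max)"; Status = $status }
    }
}

Test-PasswordPolicy -InfText $policyText -Ranges $recommended | Format-Table -AutoSize
```

With the constructed sample, the length, minimum age, maximum age and lockout threshold rows report FAIL. A `LockoutBadCount` of 0 means lockout is disabled.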
Troubleshooting & Support
For assistance or further questions on configuring your Windows Password Policy with Swif, contact Swif Support.
Swif Policy glossary: see the All Windows policies article for context.
