To change or not to change? That is the question.
Almost everything that has to do with online security is a hotly contested topic, and passwords are no exception. For a long time, there has been the belief that regular, frequent password changes are the way to go to protect computers, accounts and profiles from theft and other privacy breaches.
Recently, a new school of thought has gained steam while arguing against too frequent password changes. It can be difficult to remember all the passwords for all the accounts a user has. Changing each one frequently merely adds an extra layer of difficulty. Moreover, laziness and tiredness are sure to set in causing people to choose weaker passwords for each round.
Irrespective of the contention over password change frequency, everyone agrees that it is still better to replace a password after a reasonable length of time. Microsoft pegs this period at 72 days, while other people have their own definition. You, of course, will have yours as well.
Agreeing that changing your password is good is one thing; remembering to change it is quite another matter. Many people are sure to forget about changing their passwords.
Therefore, on Windows 10, Microsoft introduced a feature that sets the maximum password age on user accounts. This means that after a certain interval, you will be prompted to change your password on either your Microsoft account or local account.
If you would love to try out this feature, you have come to the right place. Read on to learn how to set the maximum password duration for your Windows 10 user accounts.
What Is the Maximum Password Age in Windows 10?
The maximum password age is defined as the length of time for which a given password is valid. Of course, you can use one password forever if you so desire, but this is not recommended for obvious security reasons.
Because of the increasing incidence of cyberattacks, most online security organizations advise changing your password every now and then. You don’t have to do it monthly, but you should remember to do so at least two to four times a year.
The issue, of course, is that most of us forget to change it, believe that we do not need to change it, or are too lazy to bother about it. Therefore, Microsoft introduced the idea of the maximum password age to Windows 10.
Of course, this is nothing new in the wider online world, but Windows 10 users can now set their passwords to expire every 72 days thanks to a feature included in the Microsoft account settings. Those who use local accounts can do the same as well after changing a setting to enable the feature offline.
Why Set the Maximum Password Age?
Passwords are the gateways to one’s personal information. Your user account password provides access to all your files, applications and details stored within that account. If it is known to others, your privacy can be easily breached.
By setting the maximum password age, you get to change your password periodically. This prevents online criminals from easily gaining access to your computer. Moreover, it can protect you from massive hacks that expose account information stored on a company’s servers.
If you work in a critical industry or your computer contains plenty of sensitive information, changing your password every now and then is recommended by experts. Setting the maximum password age can help you to accomplish this.
Although this guide zeroes in on how to create a password expiration period for Microsoft accounts and local accounts on Windows 10, another thing that can protect you is having a good antivirus installed. Team Windows Defender with a more powerful anti-malware and anti-spyware tool like Auslogics Anti-Malware to completely protect your system from digital thieves, hackers and viruses.
How to Set a Password Expiration Date in Windows 10
Do you want to set your user account to force you to change your password after a specific time has passed? You can do this easily on Windows 10. No complicated registry tweaks or workarounds are necessary.
For those with a Microsoft account, the whole procedure can take just a couple of minutes and involves creating a new password for their account online. For those with local accounts only, the feature can be enabled through the Local Group Policy Editor or a command-line interface, depending on the edition of Windows installed on the computer.
Below, we explain the procedure for setting the maximum password duration for both Microsoft accounts and local accounts.
Set the Password Expiration Duration for Your Microsoft Account
Chances are you are using a Microsoft account on your computer. A Microsoft account is linked to things like data and settings synchronization across devices and Windows activation. It is no wonder that Microsoft wants everyone to use one.
You can go beyond just having a Microsoft account and tighten your security some more by changing your password every 72 days. Thanks to the “Make me change my password” feature, you won’t have to manually do it yourself. Once you have given authorization to Microsoft, you will be prompted to replace your current password every 72 days.
Note that to use this feature, you have to first change your current account to a new one. Doing this and setting a password expiration date for your Microsoft account will be done online.
To begin, go to the Microsoft account security area (you must sign in first). You will see the “Change password” option below a key symbol. Click the Change link to proceed.
On the next screen, fill in your current password and create another one that is strong, long and secure. Re-enter the new password in the given field, but don’t click the blue Save button yet.
Tick the “Make me change my password every 72 days” checkbox to turn on the feature. You can now click the Save button to confirm your changes.
The page will reload to the Microsoft login page. At this point, you can close the page and return to your desktop.
To begin using the new password with expiration built-in, you must first sign out of Windows and sign back in with your new password. Make sure your internet connection is enabled when you do this for the first time so the system can verify your new credentials.
72 days later, you will get your first prompt to change your password – assuming you haven’t turned the feature off by then.
Set the Password Expiration Duration for a Local Account
For some reason, you currently use only a local account on your computer and still wish to be able to use expiring passwords. Don’t worry, this is possible on a local account as well. However, Microsoft didn’t enable the setting that would make the feature available on non-Microsoft accounts. In other words, you need to turn on this setting first; then you can go ahead and enable password expiration on a local Microsoft account.
This setting can be found among the Advanced User Accounts Settings options in Windows 10.
- To access this area, first launch the Run box with Win Key+R. Next, type “netplwiz” (without quotes) in the field and click OK to launch the User Accounts Settings dialog.
- In the User Accounts dialog, switch to the Advanced tab and click the Advanced button in the “Advanced user management” group. This will open the Local Users and Groups utility.
- In the new window, select Users in the left menu pane. This will display your user accounts on the right. Right-click the one for which you want to enable password expiration (actually, it doesn’t really matter which one you choose), and select Properties from the context menu. In the General tab of the Administrator Properties dialog, uncheck the “Password never expires” option.
- Click the OK button and you are done.
From this point on, you will be able to set password expiration for your selected local account on this computer.
Unlike with a Microsoft account, you don’t need to go online to set an expiry date for a local account password. This also frees you from Microsoft’s maximum password expiration limit of 72 days. On a local account, you can set the limit to any number of days you want. You can set it to the next day or week or two years from now if you so desire. Cool, right?
Once the “Password never expires” setting has been turned off, as shown above, the system already starts counting down the time until you need to change your current password. The default preset value is 42 days; so, even if you do nothing more, it has already become active and you will definitely get the prompt to change your password after the time has expired.
The next two steps below outline what to do if you want to change the password expiration duration from the default 42 days to a value of your own liking.
- Set the Maximum Password Duration Using the Local Group Policy Editor (for Windows 10 Pro, Enterprise, and Education)
The method in this section does not work for Windows 10 Home, which means a majority of Windows 10 users can’t use it. Don’t worry though, the next method will work for Home editions of Windows 10.
The method we will explain here is for you if you have a Pro, Enterprise or Education edition of Windows 10. The targeted settings in the Local Group Policy Editor are accessible only on these editions.
Without further ado, let’s dive into the process:
- Open the Run box with Win Key+R.
- Type “gpedit.msc” (without quotes) and hit Enter or click the OK button.
- The Local Group Policy Editor will be launched.
- On the left are the main Group Policy classifications, and on the right are the sub-menus and settings. Click Computer Configuration. You will find it at the top of the left menu pane.
- Click Windows Settings under Computer Configuration to expand it.
- Click Security Settings under Windows Settings to expand that as well.
- Under Windows Settings, click Security Settings, and under Security Settings, click Account Policies.
- Finally, click Password Policy under Account Policies.
- You will see a list of password policies in the right pane. Double-click on the “Maximum password age” item.
- The Maximum Password Age Properties dialog will pop up.
- In the Local Security Setting tab, change the value in the “Password will expire in” field to the number of days you prefer.
- Click Apply, and then click OK.
From that point on, Windows starts counting down the number of days you have chosen. When it is time to choose another password, Windows will prompt you to replace the current one.
- Set the Maximum Password Duration Using the Command Prompt or Windows PowerShell (for All Editions of Windows 10)
If you are using Windows 10 Home and wish to change the password for your local account at regular intervals, this section is for you. Those using Windows 10 Pro, Enterprise and Education can also use this method as an alternative to using the Local Group Policy Editor method explained above.
This method relies on a command-line interface. This means you can use either the Command Prompt or Windows PowerShell. It doesn’t matter which one you choose; the result is still the same.
Let’s begin, then. Right-click the Start menu icon to bring up the Quick Access menu. From here, you can select either Windows PowerShell (Admin) or Command Prompt (Admin). You will see one or the other but not both. However, as the command to run will work equally well on each, it doesn’t matter.
When the command line window opens, you should type “net accounts” and press the Enter key. This will display information pertaining to the passwords for your local accounts.
To set a new password duration limit instead of the default 42 days, run the following command:
net accounts /maxpwage:ab
In place of ab, input the duration (in days) that you want to use a password before Windows prompts you for a change.
Once you successfully run this command, the maximum password age for all your local accounts will be automatically changed.