If users are required to type in usernames and passwords, they should also be required to change their passwords on a regular basis. Passwords are meant to increase security. However, if a user can continue using the same password, it decreases security.

By configuring a password age, you can force users to change their password at a specific interval. For example, with a maximum password age of 30 days, users must change their passwords every 30 days.

You can set the maximum password age and thereby force users to change their passwords by editing the local security policy. The steps are described below.

  1. Click Start and type secpol.msc in the search box.
  2. Press Enter.
  3. Within the Local Security Policy, navigate to Security Settings | Account Policies | Password Policy.
  4. In the details pane, double-click Maximum password age.
  5. Use the arrows to set a value between 1 and 999 days. For example, if you select 42, users are forced to change their passwords every 42 days.
  6. Click OK.

You can also ensure that users keep the same password for a minimum number of days by changing the Minimum password age. Complete steps 1 through 3 and double click Minimum password age in the details pane.
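The same two settings can be applied and verified from a script. The following is an added example, not part of the original article: it uses the built-in `net accounts` and `secedit` commands, the function names `Set-LocalPasswordAge` and `Get-LocalPasswordAge` are hypothetical, and it assumes an elevated PowerShell prompt on a machine whose password policy is not set by a domain.

```powershell
# Added example: set and read back the local password-age policy.
# Function names are hypothetical helpers; run from an elevated prompt.
function Set-LocalPasswordAge {
    param(
        [ValidateRange(1, 999)][int]$MaxAgeDays = 42,   # same 1-999 range as the GUI steps
        [ValidateRange(0, 998)][int]$MinAgeDays = 1
    )

    # The minimum age must be lower than the maximum age.
    if ($MinAgeDays -ge $MaxAgeDays) {
        throw "Minimum password age ($MinAgeDays) must be less than maximum password age ($MaxAgeDays)."
    }

    & net.exe accounts "/maxpwage:$MaxAgeDays" "/minpwage:$MinAgeDays" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "net accounts failed with exit code $LASTEXITCODE (is the prompt elevated?)."
    }
}

function Get-LocalPasswordAge {
    # Export the local security policy to a temporary file and parse the two values.
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    & secedit.exe /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE." }
    try {
        $result = @{}
        foreach ($line in Get-Content $cfg) {
            if ($line -match '^\s*(MaximumPasswordAge|MinimumPasswordAge)\s*=\s*(-?\d+)') {
                $result[$Matches[1]] = [int]$Matches[2]
            }
        }
        return $result
    }
    finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

# Apply the article's example value (42 days) with a 1-day minimum, then verify it took effect.
Set-LocalPasswordAge -MaxAgeDays 42 -MinAgeDays 1
$policy = Get-LocalPasswordAge
if ($policy.MaximumPasswordAge -ne 42 -or $policy.MinimumPasswordAge -ne 1) {
    throw "Policy readback does not match the requested values."
}
"Maximum password age: {0} days; minimum password age: {1} days" -f $policy.MaximumPasswordAge, $policy.MinimumPasswordAge
```

Reading the values back after setting them confirms that the change was actually applied rather than silently overridden.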