When it comes to computer data security people rely on passwords as the first line of defense. While it is recommended that you choose passwords as a mix of letters, digits and symbols it is also a good practice to keep changing them from time to time.
If you use password protection to log on to your Windows machine, you can set some rules and standards to change the default behavior and enhance protection policies. Let us see how to do this and check out the available options.
Part 1: Enable Password Policy
Navigate to your Control Panel and launch Administrative Tools. Be sure that you are logged in as the administrator to be able to make changes. Within Administrative Tools you would find an option named Local Security Policy.
Next, open this location (double click) Local Security Policy and pilot to Security Settings -> Account Policies -> Password Policy from the navigation pane on the left.
Now, if you look on the right side you would find a list of policies and associated security settings. These are basically flags that are either enabled or disabled. You may change their current state to map them to your requirements. Let us learn what each one of these means.
Note: Before we start looking into each one of them, let me also tell you that you just need to double click on any policy to open its configuration window. Then, as shown in the respective images, either enter the number of days or enable the flag and Apply.
Enforce Password History
With this option you can set the number of unique passwords that you have to use before you can reuse an old password. You may set the number between 0 and 24.
Maximum Password Age
This setting determines the maximum number of days for which a password can be used before the system will require the user to change it. The number varies between 1-998 days.
Minimum Password Age
This setting determines the minimum number of days for which a password must be used before the user can change it. The number varies between 1-998 days.
Minimum Password Length
A user can define the minimum number of characters that a password must contain for it to qualify as a valid password. It can be set between 1-14 characters.
Password Must Meet Complexity Requirements
The complexity requirement enforces that a password must be at least 6 characters long, must have upper and lower case, digits and symbols and cannot be same as the current user name.
Store Passwords Using Reversible Encryption
This setting is not recommended as it is equivalent to storing the user password in plain text. Sometimes it may be required for applications for authentication purpose. Try and avoid touching it.
Part 2: Enable Account Lockout Policy
Account Lockout Policy disables a user account if an incorrect password is entered a specified number of times over a specified period. These policy settings help you to prevent attackers from guessing users’ passwords, and they decrease the likelihood of successful attacks on your network.
Navigate to Security Settings -> Account Policies -> Account Lockout Policy from the navigation pane on the left. You can set
Account Lockout Duration
Allows you to specify a time frame after which the account will automatically unlock and resume normal operation. If you specify zero minutes the account will be locked out indefinitely until an administrator manually unlocks it.
Account Lockout Threshold
Specifies the number of failed login attempts allowed before the account is locked out. If the threshold is set at 3 the account will be locked out after a user enters incorrect login information 3 times within a specified time frame.
Reset Account Lockout Counter After
This policy defines a time frame for counting the incorrect login attempts. If the policy is set for one hour and the Account Lockout Threshold is set for 3 attempts a user can enter the incorrect login information 3 times within 1 hour. If they enter the incorrect information twice, but get it correct the third time the counter will reset after 1 hour has elapsed (from the first incorrect entry) so that future failed attempts will again start counting at 1.
Do try and explore as much as you can. This is a good way to enhance your computer security. Also, you should keep changing the settings from time to time .