Most of us have a habit of using the same password for a long time. This is dangerous, mainly if the password is used in multiple places. It is possible that in a security breach, the password was open to all. So today, in this post, we will share how you can set a Password Expiration Date for your Microsoft Account or Local Account. This will force users to change the password every few months.
Here are we are setting password expiration for two different types of accounts. Microsoft Account, and the Local Windows account. If you are using a Microsoft account in Windows 11/10, then it becomes even more critical that you change it from time to time.
When we say Set password Expiration Date, you can either choose what Windows 11/10 offers for local accounts or set using the “net” command.
Set Password Expiration Date for Microsoft Account
- Go to Microsoft Account Security section
- Click on Change my password link under Password security
- Enter the old password and the new password twice
- Check the box which says Make me change my password every 72 days
The only drawback of this method is that you need to change the current password to one which you haven’t repeated the past three times. Microsoft will then automatically prompt you to change the password every 72 days.
You should know that this is different from PIN or Windows Hello, which you use on Windows 11/10 computer.
Set Password Expiration Date for Local Account
While it is possible to create a password-less account in Windows, it’s not a good idea. If you are the admin user of your computer, make sure all users change their password often. There are two ways of doing this, and it will force users to change their current password. The default is 42 days.
1] Using User accounts interface
- In the Run prompt (Win + R) type lusrmgr.msc followed by pressing the Enter key.
- It will open Local Users and Groups Editor
- Under Users folder, locate the user for which you want to change the password expiry
- Double click to open the user properties
- Uncheck the box which says Password never expires
- Click on the OK button to complete the process
There is a popular WMIC command, but it does not seem to be working for me in my Windows 11. If you use the command without the “where name” clause, it will set Password Expiration for all the accounts, including system accounts.
wmic UserAccount where name='John Doe' set Passwordexpires=false
Let us know if it works for you.
2] Command-Line Options to set Expiration Date
Once done, if you want to set an exact expiration date, then you need to use the “Net Accounts” command. Open PowerShell with Admin privileges, and execute the command Net Accounts. It will reveal the details as below:
Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: WORKSTATION
If you want to set a particular expiration date, then you will have to calculate the figure in days. If you set it to 30 days, users will have to change their passwords once a month.
Execute the command Net Accounts /maxpwage 30
If you want to force someone to change the password instantly, you can use maxpwage:1
Read: Force users to change Account Password at the next Login.
3] Use Group Policy to change Password Expiration Date
- Open Group Policy Editor by typing gpedit.msc in the Run prompt followed by pressing the Enter key
- Navigate to Computer Configuration > Windows Settings > Security Settings > Security Settings > Account Policies
- Click on Password Policy, and then click on Maximum Password age
- Here you can change from 42 to any figure you like. The maximum is in between 1-999
I hope the post was easy to follow and that you could set the password expiration date for the User Account in Windows 11/10.
Read: How to Harden Windows Login Password Policy & Account Lockout Policy.