Enforce Windows 7 to Accept Complex Passwords Only

Importance of Passwords

Passwords are used to identify and authenticate users and devices. Under normal circumstances, administrators can assign simple passwords when creating user accounts, and users who have been granted permission to change their own passwords can choose simple passwords as well. This is the default configuration in the Microsoft Windows 7 operating system. In home environments this configuration can be quite handy, because home users are not expected to store sensitive information on their computers. However, in production environments where security is a major concern, administrators mostly configure network and client operating systems to accept complex passwords only. A simple password is any combination of characters, irrespective of the types of characters and the length of the password. A complex password, on the other hand, must be a minimum of seven characters in length and must combine any three of the following four character types:

  1. Uppercase (A, B, C, etc.)
  2. Lowercase (a, b, c, etc.)
  3. Numerical digits (1, 2, 3, etc.)
  4. Special characters ($, ?, !, *, &, etc.)

Several sites on the Internet provide free e-mail facilities, but users must first create accounts on those websites. When creating accounts on such domains, defining a complex password is mandatory, and if users try to specify a simple password, the account creation process fails. These sites are a perfect example of requiring users to specify only complex passwords for their accounts.

Administrators must require users to specify complex passwords for their accounts for a few important reasons:

  • Complex passwords are hard to guess, and therefore hackers cannot easily gain access to the information secured by such credentials.
  • If hackers try to use brute force attacks, complex passwords are hard for password-cracking applications to recover.

As mentioned above, by default Windows 7 is configured to accept simple passwords from both administrators and users. To make the operating system more secure, administrators must configure local group policies (for local computers) or domain-wide group policies (for domain-based network architectures) so that only complex passwords are accepted when user accounts are created or passwords are changed. When administrators configure computers according to this setting, Windows 7 computers automatically stop accepting blank passwords as well.

Enforcing Windows 7 to Accept Complex Passwords Only

Since the process requires group policy configuration, administrative privileges must be used while performing the following steps:

  1. Log on to the Windows 7 computer with an administrator account.
  2. Click Start, type GPEDIT.MSC in the search box at the bottom of the menu, and press the Enter key.
  3. In the Local Group Policy Editor snap-in that opens, from the left pane, under Computer Configuration, expand Windows Settings > Security Settings > Account Policies and then click Password Policy.
  4. From the right pane, double-click Password must meet complexity requirements.
  5. In the Password must meet complexity requirements Properties box that opens, select the Enabled radio button and click OK.

  6. Close Local Group Policy Editor snap-in, and restart the computer to allow the changes to take effect.
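
To confirm from a script that the setting chosen in the steps above is in force, the following added example (not part of the original article) exports the local security policy with the built-in secedit.exe tool and reads the PasswordComplexity value; with -Enable it also turns the setting on. The function names, the -Enable switch and the temporary file name are assumptions made for this example.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Test-PasswordComplexity and its -Enable switch are hypothetical names.
function Get-SecEditValue([string]$InfPath, [string]$Name) {
    # Export the local security policy; secedit writes a Unicode INF file.
    secedit.exe /export /cfg $InfPath /areas SECURITYPOLICY /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /export failed (exit code $LASTEXITCODE)" }
    foreach ($line in Get-Content -Path $InfPath) {
        if ($line -match "^\s*$Name\s*=\s*(-?\d+)\s*$") { return [int]$matches[1] }
    }
    return $null   # setting not present in the export
}

function Test-PasswordComplexity([switch]$Enable) {
    $inf = Join-Path $env:TEMP 'secpol-complexity.inf'
    try {
        $value = Get-SecEditValue $inf 'PasswordComplexity'
        if ($Enable -and $value -ne 1) {
            # Change only the PasswordComplexity line, then apply the template.
            (Get-Content -Path $inf) -replace '^\s*PasswordComplexity\s*=.*$', 'PasswordComplexity = 1' |
                Set-Content -Path $inf -Encoding Unicode
            secedit.exe /configure /db "$env:windir\security\local.sdb" /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed (exit code $LASTEXITCODE)" }
            $value = Get-SecEditValue $inf 'PasswordComplexity'   # re-read to confirm
        }
        return ($value -eq 1)
    }
    finally {
        # The export lists local security settings; do not leave it in TEMP.
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }
}

if (Test-PasswordComplexity) {
    'Password must meet complexity requirements: Enabled'
} else {
    'Password must meet complexity requirements: NOT enabled (run Test-PasswordComplexity -Enable to set it)'
}
```

On a domain-joined computer the domain's password policy applies to domain accounts, so the value reported here governs local accounts only.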

Author: Vivek Nayyar

Works as Systems Admin in Siskin Technologies, India. Corporate trainer on Microsoft and Cisco platform. Specialized in Virtualization Technology. LAN Consultant for some local organizations.