Password reset time

[Stan Brown]

I've got my PC set to require passwords to be changed every 45 days.
I'd like to change that to every 30 days, but I can't remember where
to set it. I tried "User Accounts" in control panel, but that seems
to cover only very basic settings.

Can someone remind me, please: where do I tell Windows how often
users are required to change their passwords?

 

[Tim Meddick]

First, you will need administrator-level access rights to change the
password-reset time.

Open the Group Policy Editor (or type into the "Run" box) the following :

gpedit.msc

.....and press [ok]

Then, navigate to :

Local Computer Policy :- Computer Configuration :- Windows Settings :-
Security Settings :- Account Policies :- Password Policies

...and the item under this heading that you need is : "Maximum Password
Age"

If you set it to 0 [zero] the password will never require change nor ask
for it.

Otherwise, you may set it to anything between 1 and 999 [days]

*note* The "Maximum Password Age" has to be set to a greater number of
days than the "Minimum Password Age" setting under the same heading.

The default is 45 [days]

==

Cheers, Tim Meddick, Peckham, London.

 

[Stan Brown]

First, you will need administrator-level access rights to change the
password-reset time.

Open the Group Policy Editor (or type into the "Run" box) the following :

gpedit.msc

....and press [ok]

Then, navigate to :

Local Computer Policy :- Computer Configuration :- Windows Settings :-
Security Settings :- Account Policies :- Password Policies

[etc.]

Perfect -- thanks, Tim!

 

[Tim Meddick]

No problem... thankyou for re-posting that your problem was resolved.

So many don't bother, and it can be mildly frustrating.

==

Cheers, Tim Meddick, Peckham, London.

 

[Anteaus]

If a hacker has already had my password for 30 days I don't think changing
it would do a lot of good.

Therefore, what is the purpose of this? I can't see how it contributes to
security in any way. In fact it may reduce security, by forcing the use of
simple passwords.

 

[Stan Brown]

If a hacker has already had my password for 30 days I don't think changing
it would do a lot of good.

Therefore, what is the purpose of this? I can't see how it contributes to
security in any way. In fact it may reduce security, by forcing the use of
simple passwords.

I have to admit, you raise a good point. It's always been an article
of faith with me that passwords should be changed frequently. Banks
require it, and so does the college where I teach part time. But when
you pose the question it's hard to see the reason, especially on my
own computer were only I have the passwords.

Comments, anyone? Is this just one of the things we do to give
ourselves the illusion that we are making ourselves more secure?

 

[Shenan Stanley]

If a hacker has already had my password for 30 days I don't think
changing it would do a lot of good.

Therefore, what is the purpose of this? I can't see how it
contributes to security in any way. In fact it may reduce security,
by forcing the use of simple passwords.

The point of changing passwords is not to stop people who already hacked
your password from using it - but to prevent the password hacker from having
the time to actually hack your password.

So your "If a hacker has already had my password for 30 days" analogy is
viable - but that means they cracked it the day this guy wants to change
it - every 30 days. ;-)

Truthfully - a little physical access and most peoples passwords can be
cracked in hours, not days. A few will take days - but seldom 30 if they
are crackable. And if they are not - usually anything over a few days has
proven that.

However - if you never change your password - I have forever to crack it
*and* to use it quietly without you possibly ever even knowing. ;-)

 

[Tim Meddick]

I have to say...

I hate all this...

You [the OP] asked a [simple] question, and instead of [simply] handing
over the answer as best they could, instead, decide to pass judgement and
give you their ten-pennies-worth!!

WHATEVER you need to know for is your own business - you asked a question
(on where to control the password re-set age) and on a facility that
purports to be a help resource, you should be furnished with a usable
answer - NOT OPINIONS!!

==

Cheers, Tim Meddick, Peckham, London.

P.S. The irony that this itself is an expression of someone's opinion is
not lost on me.
However, I felt I had to respond to what was, until then, a simple matter,
made more complicated unnecessarily....