Windows Minimum Password Length

This setting allows you to force users to select passwords that meet or exceed a minimum number of characters in length. Zero allows users to enter a blank password, provided the password complexity control is not enabled. Otherwise you must select between one and 14 characters as a minimum length.

Interestingly, while Microsoft documentation claims the maximum password length is 127 characters, it seems the actual fields in the password reset and change password dialogs limit you to somewhere between 26 and 32 characters. Like anyone is going to use such a long password, right? Actually there are increasing calls for using pass phrases or pass sentences, which result in many characters. But if your typing skills are like mine, you can’t make it for more than 20 characters before having to correct a typo. Therefore I favor pass phrases which simply use the first letter of each word in the phrase. I have found that this works well for end users, not just computer nerds.

Bottom line

The general consensus is, assuming the password comprises a series of random characters, passwords should be a minimum of eight characters and I go along with that.
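
One way to check this setting on a machine, as an added example that is not part of the original page: the PowerShell below parses a `secedit` security-policy export and flags the blank-password case described above, as well as any minimum below the eight characters recommended here. `Test-MinPasswordLength` is a hypothetical helper name, and the sample export is constructed.

```powershell
# Added example: audit the minimum password length from a secedit export.
# Test-MinPasswordLength is a hypothetical helper name, not a built-in cmdlet.
function Test-MinPasswordLength {
    param(
        [Parameter(Mandatory)] [string[]] $InfLines,   # lines of a secedit export
        [int] $RecommendedMinimum = 8                  # the page's bottom line
    )
    # Collect "Key = Value" pairs from the [System Access] section only.
    $section = ''
    $values  = @{}
    foreach ($line in $InfLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -eq 'System Access' -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
            $values[$Matches[1]] = $Matches[2]
        }
    }
    if (-not $values.ContainsKey('MinimumPasswordLength')) {
        throw 'MinimumPasswordLength not found in [System Access]'
    }
    $minLen     = [int]$values['MinimumPasswordLength']
    # A missing PasswordComplexity key is treated as "not enabled".
    $complexity = ($values['PasswordComplexity'] -eq '1')

    $finding = if ($minLen -eq 0 -and -not $complexity) {
        'FAIL: blank passwords are accepted'
    } elseif ($minLen -lt $RecommendedMinimum) {
        "WARN: minimum is below $RecommendedMinimum characters"
    } else {
        'OK'
    }
    [pscustomobject]@{
        MinimumPasswordLength = $minLen
        ComplexityEnabled     = $complexity
        Finding               = $finding
    }
}

# Constructed sample export (not taken from a real system).
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
[Event Audit]
AuditSystemEvents = 0
'@ -split "`r?`n"
Test-MinPasswordLength -InfLines $sample

# On a live machine (elevated prompt):
# secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY | Out-Null
# Test-MinPasswordLength -InfLines (Get-Content "$env:TEMP\secpol.inf")
```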
