WinSecWiki > Security Settings > Account Policies > Password Policy > Minimum Length

Windows Minimum Password Length

This setting allows you to force users to select that meet or exceed a minimum number of characters in length. Zero allows users to enter a blank password provided the password complexity control is not enabled. Otherwise you must select between one and 14 characters as a minimum length.

Interestingly, while Microsoft documentation claims the maximum password length is 127 characters it seems the actual fields in the password reset and change password dialogs limit you to somewhere between 26 and 32 characters. Let anyone is going to use such a long password, right? Actually there are increasing calls for using pass phrases or pass sentences which result in many characters. But if you’re typing skills are like mine you can’t make it for more than 20 characters before having to correct a typo. Therefore I favor pass phrases which simply use the first letter of each word in the phrase. I have found that this works well for end users not just computer nerds.

Bottom line

The general consensus is, assuming the password comprises a series of random characters, passwords should be a minimum of eight characters and I go along with that.

Upcoming Webinars

Additional Resources

Password Policy

•	Maximum Age
•	Password Settings Object
•	Minimum Age
•	Minimum Length
•	Complexity Requirements
•	Reversible Encryption

User name:
Password:
	/ Forgot?
	Register

April 2025 Patch Tuesday	"Patch Tuesday - One Zero Day! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.