How to Set up a Password Expiration Date for Your Microsoft Account

Most people tend to use the same password for every account and every app. This is a big mistake as it can result in all of your accounts getting hacked. Certain tools let hackers identify all accounts using the same password, so if they ever discovered yours they could easily break into all of your accounts. It's a very good idea to change your passwords at intervals. Setting a Password Expiration Date for your Microsoft Account or Local Account is a good way of forcing you into this.

How to set up a Password Expiration Date for your Microsoft Account

  1. Navigate to Microsoft Account Security.
  2. Select Change my password link located under Password security.
  3. Enter your old password when prompted.
  4. Then enter your new password and confirm it.
  5. Put a tick next to the option labeled "Make me change my password every 72 days"
  6. Force Change Microsoft Account Password

Note: you can't use passwords that you have used before. You need to use a password that you haven't used within the last 3 cycles.

How to set up a Password Expiration Date for your Local Account

There are two ways of setting a password expiration date for your Local Account. The default is 42 days, but I'll explain both for you.

By using the User accounts interface

  1. Use the Run prompt (Win + R) and type "lusrmgr.msc" then press the Enter key.
  2. This will open Local Users and Groups Editor.
  3. Find the Users folder and locate the user for which you want to change the password expiry settings.
  4. Open the user properties.
  5. Remove the tick from the box which says "Password never expires".
  6. Press the OK button to finish the process.

Use Command-Line Options to set the expiration date

Do you want to set up a specific expiration date? Then you need to use the "Net Accounts" command. Open PowerShell with Admin privileges, and execute the command Net Accounts. You will see this:

Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: WORKSTATION

Calculate how many days there are until your preferred expiration date and set that in the above commands, then execute. You'll have to do this manually every time.

How to use Group Policy to change the Password Expiration Date

  1. Enter the Group Policy Editor by entering "gpedit.msc" in the Run prompt and pressing Enter.
  2. Go to Computer Configuration > Windows Settings > Security Settings > Security Settings > Account Policies
  3. Select Password Policy, and then choose on Maximum Password age.
  4. You can modify the default 42 days to any figure you like. The maximum is 999.
January 22, 2020