How to force users to change their password periodically on Windows 10

Windows 10 packs a lot of great security features, including biometric authentication with Windows Hello, malware protection with Windows Defender, and Windows Update to keep your device up to date and secure. However, even with all these features, your PC can still be vulnerable to unauthorized access if you keep using the same password for a long time.

Although users can change their password at any time, you can also configure the operating system to ask users to change it periodically.

There are at least three methods to do this, but the method you need to use will always depend on the edition of Windows your PC is running, and whether you're using a local or Microsoft account.

In this Windows 10 guide, we'll walk you through the steps to force users to change their password after a specific number of days to keep accounts a little more secure.

How to enforce password change using Group Policy

If you're running Windows 10 Pro, Enterprise, or Education, you can use the Local Group Policy Editor to quickly configure the time (in days) before users must change their password for a local account.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path:Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
  4. On the right side, double-click the Maximum password age policy.

  1. Set the number of days a password can be used before Windows 10 requires users to change it. (A good rule of thumb is to select 72 days.)
  2. Click OK to complete the task.

After the period of time specified, users will get prompted to change their password as they try to sign in.

It's worth pointing out that there along with the maximum password age option, you can also force users to use a more complex password and even implement a password history, so they don't reuse an old password.

Here are the password policies available:

  • Enforce password history
  • Minimum password age
  • Minimum password length

How to enforce password change using Command Prompt

Windows 10 Home doesn't include the Local Group Policy Editor, but you can use Command Prompt to accomplish the same result.

  1. Open Start.
  2. Search for Command Prompt.
  3. Right-click the result and select Run as administrator.
  4. Type the following command to enable password to expire and press Enter:wmic UserAccount set PasswordExpires=True
  5. Type the following command to set the number of days a password can be used before Windows 10 requires users to change it and press Enter:net accounts /maxpwage:72

  1. Type the following command to review your new password policy and press Enter:net accounts

After the period of time specified, similar to Group Policy, users will get a prompt to change their password as they try to sign in.

If you want to enforce password expiration for one user, then you can use the same steps, but on step 4, use this command instead:

wmic UserAccount where Name='USERNAME' set PasswordExpires=True

Note: Remember to replace "USERNAME" with the name of the account you want the password to expire.

How to enforce password change on a Microsoft account

If you're using a Microsoft account, the steps we mentioned earlier won't work. However, you can enable an option on your account to make you change your password every 72 days.

  1. Open your browser and sign in to your Microsoft account{.nofollow}.
  2. On Security & privacy, click on the Change password link.
  3. Create a new password.
  4. Check the Make me change my password every 72 days option.

  1. Click Next to complete the task.

The caveat with this option is that you don't have the flexibility to choose a number of days, but 72 days is one of the most common recommended time frames to force users to change their account password.

In addition, it's important to note that with this change, you will not only be making your Windows 10 account more secure, but every other service you use with a Microsoft account, including OneDrive, Outlook.com, Skype, and others.

Keep in mind that while we're focusing this guide on Windows 10, you can use the steps to use Group Policy and Command Prompt to force users to change their passwords on Windows 8.1 and Windows 7.

Do you periodically change your account password on Windows 10? Tell us in the comments below.

More Windows 10 resources

For more help articles, coverage, and answers on Windows 10, you can visit the following resources:

Mauro Huculak

Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 15 years of experience writing comprehensive guides. He also has an IT background and has achieved different professional certifications from Microsoft, Cisco, VMware, and CompTIA. He has been recognized as a Microsoft MVP for many years.