How to make sure you never forget to change your Microsoft password

If you don't regularly change your Microsoft password, you're not giving security as much attention as you should. There are a few simple things you can do to keep your account as secure as possible: Use a password manager such as Enpass, set up two-factor authentication and, perhaps most important, change your password frequently.

In the case of the last option, it can be hard to remember or even to set yourself a reminder to do it. However, your Microsoft Account can make you change your password at regular intervals.

Here's how to enable the feature.

Microsoft Account

  1. Login at
  2. Click on security.
  3. Select change password.
  4. Check the box labeled make me change my password every 72 days.

It's that simple. You don't have to remember to change the password yourself or even create a reminder. Instead, you can let your account do all the work for you.

Richard Devine is an Editor at Windows Central. A former Project Manager and long-term tech addict, he joined Mobile Nations in 2011 and has been found on Android Central and iMore as well as Windows Central. Currently you'll find him covering all manner of PC hardware and gaming, and you can follow him on Twitter and Instagram.

  • thanks
  • Is there some significance to the number of days being set to 72? That is, why not 30, 60, 90 or some other number of days? Why 72? Just curious.
  • The ceo likes the number 72
  • It's weird how a random number in the middle of nowhere makes us think right ?!
  • 72 is probably random enough for people not to try and hack on a 30 day or 60 day schedule.
  • Just what I was gonna say 🙂👍
  • This needs more visibility. Changing passwords with any sort of frequency is asking for trouble. Welcome to modern security everyone.
  • While you're locking down your account, it's a good idea to see when and where you've used your account and remove devices you no longer own.
  • The UK Government advises against changing passwords frequently: (see Tip 2).
  • because they really want to spy on their citizens
  • Microsoft has actually given the same recommendation:
  • I prefer to keep the same password with far more than 8 characters, symbols, numbers and completely random, but different for each account for each service/website I use, and keep all of that in my mind rather than change it and have to use a password manager I can't trust (sorry, I'll not give every single one of my passwords to anything/anyone) because I could not remember it. And the use of only an 8-character password that could mean anything is not an option xD
    Plus, using a second password to answer the recovery questions is a good idea too, rather than a correct answer.
    But maybe I don't give as much attention to my security as I should, as you say, but good luck to the one who thinks it could crack all of my passwords, even if I tell him my life.
  • I would advise to have a second thought about using a password manager. At the end of the day if you can remember all your complex passwords then more power to you. You can always choose password managers like Enpass that give you the option of storing your encrypted database locally or on your chosen cloud platform. At some point you have to trust someone. If you can't trust password managers then how do you trust your ISP from man-in-the-middle attacks or the web sites you visit from storing your password in reversible encryption? :) Also, there's no need to change passwords every x days so don't worry about that. It's an old-school security measure now widely considered counter-productive as it requires you to remember new passwords (if you don't use a password manager) or choose simpler combinations with simple permutations (password01, password02, password03...) or even as is too often the case in office environments, writing it down on a sticky note because "I just can't keep up with a new password every 90 days"
  • No. Changing passwords regularly is not good for security. This has been proven. Pick one strong and secure password.
  • And enable 2 step verification, etc. I guess it should be enough for most usage cases.
  • Suspicious activity in China alert on my unused Microsoft alias last night! New passwords....
  • Ideally this is the main (only?) reason to change passwords. Did you get the alert in an email? Just wondering if it's something to actively look out for.
  • This is generally reckoned to be bad advice - forced password changes cause people to pick poor passwords. As said above, choose a strong, long, complex one that is unique to the Microsoft account, and stick to it.
  • You can't use a password manager to login to your computer! At work we were forced to change passwords every month. Nearly everyone wrote their password down somewhere. Those that didn't had to get two other people in the office to submit a form online to reset their password. One to send and one to confirm it was them.
  • I hate this policy at work and agree.
    I went against policy at the last place I worked at. I would use my admin powers for good and force reset my account's password to the same 20 char symbol/upper/lower/digit jumble that I had memorised every time I got the 'password expiring in 7 days' reminder. Since I did it through the admin interface it would allow me to reset to the same one :P One of the clients I worked with had a 3rd party (or perhaps in-house developed?) approved password manager which was accessible from the logon screen, I thought it was pretty smart!