Sharing a computer with multiple people can be difficult, especially when it comes to protecting that PC from security risks. Whether you’re using a shared PC at home, in a home office, or in a small business, you want to make sure everyone who uses that machine follows proper security guidelines, and that especially applies to passwords.
Creating a strong and complex password is one of the best ways to protect your account and your PC from any type of compromise or other security threat. You can certainly make sure that your own password is hard to crack, but how can you persuade other people using the same PC to do the same?
Large corporations and enterprises typically set up domains and rely on Group Policy to set password policies. But your average home or even your small office probably won’t bother creating and managing domains. No problem. You can still protect your shared computer by using Windows Local Security Policy. Available in Windows 10 and 11, Local Security Policy helps you control a variety of security options for all PC users, including password length and complexity.
Many settings offered by the Local Security Policy are intended for domain-based computers. But if you just want to control a single computer, you can skip the network-specific settings and focus on the password ones. Using the policy in this way will help you better protect a shared PC in a home, home office, or small business office. Let’s see how it works.
How to Set a Local Security Policy in Windows
Local Security Policy is accessible from Windows 10 and 11 and works the same in both versions. You can open or access the Local Security Policy using different methods. But the fastest way is to use the search tool. Click the Search field or icon, type secpol.msc, and then press Enter. The Local Security Policy window appears (Figure 1).
Set minimum password length
First, you can ensure that anyone with an account on this computer uses a password of a certain length. Click the right arrow for Account Policies, then select Password Policy. Of the eight options here, double-click the one for minimum password length.
Click on the Explain tab to see the details of this setting. By default, the minimum length can be up to 14 characters. Return to the Local Security Settings tab and enter a number up to 14 to specify the minimum length of a password. Click OK when finished (Figure 2).
Set password complexity
Complexity is more important than password length, which means that users of this shared PC should use passwords with upper and lower case characters, numbers, and non-alphanumeric characters. Double-click the Password must meet complexity requirements option.
Click on the Explain tab to see the requirements for it. If this policy is enabled, the password cannot contain the user’s account name and must be at least six characters long. It must also contain characters from one of three categories: uppercase characters, lowercase characters, any number between 0 and 9, and non-alphanumeric characters such as ! Where #. Return to the Local Security Setting tab and click the Enabled button. Click OK (picture 3).
Require password changes
Then you can make sure people have to change their password periodically. Double-click the option for Maximum Password Age. Select the Explain tab to learn how this setting works. Return to the Local Security Settings tab and enter a number to determine how many days someone can use a password before it expires. Depending on your environment, 90 days is usually a good timeframe, so users should change their passwords every three months. Click OK (Figure 4).
Apply password history
Faced with the challenge of periodically changing their passwords, many people will simply recycle old passwords. You can limit this tendency by enforcing a password history. Click the Enforce Password History option. Click on the Explain tab to see how it goes. On the Local Security Settings screen, enter a number between 0 and 24, where 0 means no passwords will be remembered and 24 means the previous two dozen passwords will be remembered and therefore cannot be used again . Click OK (Figure 5).
Set lock policy
Then you can protect your PC accounts from being compromised by locking them if the wrong password is entered too many times. Select the setting for the Account Lockout Policy and double-click the Account Lockout Threshold option.
Click on the Explain tab to read the details on it. Return to the Local Security Settings screen and enter a number between 0 and 999. The number will determine how many times an incorrect password can be entered before the account is locked out. A locked account must then be reset by an administrator account on this PC. Click OK.
Depending on the number you choose, you may see suggestions for the other two options: Account lockout duration and Reset account lockout counter. These two options determine how long the account will be locked out after the specified number of incorrect password attempts. Click OK to accept the suggested settings (Figure 6).
How badly should you make password and lock requirements on your shared PC? It depends on the location and the people using it. For a home PC used by family members, you may want the settings to be less restrictive. But for a business PC used by employees, you could tighten the requirements. Of course, you can always adjust the settings if they turn out to be too loose or too tight.