Windows 10: Remove Password Complexity Requirements

Creating a strong password and replacing it with a new one regularly is crucial to keeping your user account safe.

If you use a weak password, Windows 10 will automatically alert you. The OS will remind you that your password does not meet the complexity requirements. As a result, you’ll be prompted to create a new password.

If You’re Using a PC Connected to Windows Server

Let’s take a look at the first scenario. You’re running Windows 10. Your organization is directly managing your machine via Windows Server.

In this case, there’s not much that you can do about the password complexity requirements. If the computer belongs to the company you’re working for, IT admins are the only persons who can control and edit the password policies.

In other words, you really need to change your password. Pick a new one that includes capital letters, special characters, and numbers.

If Your PC is Not Managed via Windows Server

Method 1 – Use the Policy Editor

If you’re running Windows 10 Pro but your device is not managed directly by Window Server policies, open the Group Policy Editor/ Local Security Policy Editor.

1. Press the Windows and R keys and open a new Run window.
2. Then type gpedit.msc or secpol.msc. Press Enter to launch the Group Policy Editor.
3. Navigate to Security Settings.
4. Then select Password Policy.
5. Locate Password must meet complexity requirements.
6. Disable this setting.

The steps to follow on the Local Security Policy Console are similar to those listed above.

Method 2 – Export and edit the password file

If you can’t disable the password complexity setting, you can use the following workaround.

1. Open the Local Security Policy Editor (enter secpol.msc in Run and hit Enter).
2. Click on the Action menu.
3. Select Export policy.
   • You can also use the secedit /export command to export your password settings to a separate file. Run this command: secedit.exe /export /cfg C:\secconfig.cfg. For more information about the syntax to use, see Microsoft’s Support Page.
4. Open the file with the password settings with Notepad.
5. Locate System Access.
6. Edit the Password Complexity setting value from 1 to zero.
   • You can also edit other password requirements according to your needs such as the password length, age, and so on.
7. Save the changes and open Command Prompt again (admin).
8. Enter this command: secedit.exe /configure /db %windir%\securitynew.sdb /cfg C:\secconfig.cfg /areas SECURITYPOLICY.
9. Open the Local Security Policy Console and check if the password complexity setting has been disabled now.

Should I Disable Password Complexity Requirements?

You should always think twice before turning off the password complexity requirements. Hackers are always lurking in the dark waiting to get their hands on your password. Weak easy-to-guess passwords are like sitting ducks. Hackers use complex algorithms to test millions of possible password combinations and break your account.

As a matter of fact, Microsoft confirmed there are over 10 million username/password attacks happening every single day. Using a strong unpredictable password makes it very hard for hackers to take over your account.

For more information, you can check out Microsoft’s Password Guidance. And don’t forget to keep your passwords strong.