A complicated and complex password ensures that your account is not easy to hack into. Phishing techniques can be used by a hacker for unauthorized access to your computer account. Thankfully, the Windows operating system includes an extra layer of security that enforces you to create a complex password in the first place which includes lower and upper case letters, special characters, and whatnot.
However, not everyone likes having this feature enabled. Sometimes it becomes hard to remember your password and you need to click the “Forgot password” button to reset it.
In this article, we will show you how to disable and remove the password complexity requirement on your Windows 11 or 10 PC and how to set a normal password instead, one which you can remember. The method shared below also works for Windows Server devices, where the password complexity requirement is enabled by default.
Learn how to manage PIN complexity instead.
What is Password Complexity Requirement in Windows
You can configure a password for your user account on a Windows PC by going to the following:
Settings app >> Accounts >> Sign-in Options >> Password
If you set up or change your password here, there may be chances that you see the following error message:
Password does not meet complexity requirements
If so, this means that your organization or your computer’s administrator has set a policy to enforce complex passwords to ensure maximum security. Therefore, in order to set a password, it must meet the following requirements:
- Not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters.
- Be at least six characters in length.
- Contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic or special characters (for example, !, $, #, %)
These complexity requirements are enforced when a user is creating or changing their password. If you can meet these requirements and enter the complex password every time you want to sign into your account, then there is nothing to worry about.
However, if you want to remove these requirements, continue to the next section below.
Disable Password Complexity in Windows
Before we show you how to disable the password complexity requirements on a Windows PC, there are a few things to consider.
Your PC must not be joined to a domain. If it is, any changes you make to the Group Policy will be reverted when your computer enforces the policies from the Domain Controller. Additionally, to make these changes, you must be signed in from an administrative account.
Use the following steps to remove the password complexity requirements:
Open the Group Policy editor by typing in “gpedit.msc” in the Run Command box.
Navigate to the following from the left pane:
Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy
On the right side, open the Group Policy “Password must meet complexity requirements.”
Alternatively, you can also access this policy through the Local Security Policy manager (secpol.msc) and then go to Account Policies >> Password Policy.
Select “Disabled,” and then click Apply and Ok.
To enforce the policy, run the following cmdlet in an elevated Command Prompt:
The requirement for a complex password will no longer be required. However, if your account already has a complex password, you will not be forced to change it.
As mentioned earlier, policy enforcement only takes place when creating or changing your account’s password.
You may now continue to create a relaxed password for your account that is easy to remember.
Is it Safe to Disable Password Complexity Requirement
We have shown you how to disable the password complexity requirement in Windows OS. However, whether to do it or not is a different question.
Complex passwords ensure that your account is protected from phishing scams and the hit-and-trial method. An example of this is if you have set your password using your cat’s name “fluffy,” and someone else tries this password for unauthorized access, they may not succeed because of the password complexity requirement that made you add numbers and special characters to the password, like “fluffy@cat”.
That being said, we do not recommend that you remove the password complexity requirements on a computer that is in your daily use or has sensitive information on it.
However, if the computer is being used for insignificant tasks, and entering a complex password each time is a hassle, then disabling the requirement for a complex password might make your life easier with one less thing to remember.