Software & Apps Windows Password Policy: Minimum Password Age Best practices for configuring Vista password policy settings By Tony Bradley, CISSP-ISSAP Writer Tony Bradley is a former Lifewire writer and tech journalist who specializes in network and internet security. He is a respected information security expert and prolific author. our editorial process LinkedIn Tony Bradley, CISSP-ISSAP Updated November 20, 2019 Sigrid Olsson/PhotoAlto Agency RF Collections/Getty Images Windows The Ultimate Laptop Buying Guide Tweet Share Email In Windows Vista, the Minimum Password Age setting determines the period of time in days that a password can be used before the user must change it. You can set a password to expire anywhere between 1 and 999 days, or you can allow changes immediately by setting the minimum password age setting number of days to 0. Minimum and Maximum Password Age The Minimum Password Age setting must be lower than the Maximum Password Age setting unless the Maximum Password Age is set to zero, in which case the password never expires. If the Maximum password age is set to zero, the Minimum password age can be set to any value between 0 and 998. Setting the Maximum Password Age to a -1 has the same effect as setting it to zero—it never expires. Setting it to any other negative number is the same as setting it to Not Defined. Password Best Practices Best practices suggest setting a Maximum password age of 60 days. This way, there is a small window during which the password might be hacked and used. Setting a Minimum password age is useful in conjunction with Enforce Password History to prevent users from entering new passwords repeatedly to bypass Enforce Password History. This information applies to Window Vista, Windows 8.1, Windows 8 and Windows 7, as well as to Windows Server 2008 R2 and Windows Server 2012 R2.