Software & Apps > Windows Windows Vista: Minimum Password Age Policy Best practices for configuring Vista password policy settings By Tony Bradley, CISSP-ISSAP Tony Bradley, CISSP-ISSAP Writer Community College of the Air Force Tony Bradley is a former Lifewire writer and tech journalist who specializes in network and internet security. He is a respected information security expert and prolific author. lifewire's editorial guidelines Updated on December 20, 2022 Fact checked by Elizabeth Brownfield Tweet Share Email Tweet Share Email Windows The Ultimate Laptop Buying Guide In Windows Vista, the Minimum Password Age setting determines the period of time, in days, that a password can be used before you must change it. You can set a password to expire anywhere between 1 and 999 days, or you can allow changes immediately by setting the minimum password age setting number of days to zero (0). This information applies to Windows Vista, Windows 8.1, Windows 8, and Windows 7, as well as to Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Minimum and Maximum Password Age The Minimum Password Age setting must be lower than the Maximum Password Age setting unless the Maximum Password Age is set to 0, in which case the password never expires. If the Maximum Password Age is set to 0, the Minimum Password Age can be set to any value between 0 and 998. If you are an administrator updating these settings for another user, the Minimum Password Age setting will prevent the user from changing their password until the minimum amount of time has passed. Select the checkbox titled User must change password at next logon to prompt the user to add a new password when they log in. This setting is commonly used by administrators helping new employees set up their accounts during onboarding. Password Best Practices Best practices suggest setting a maximum password age of 60 days, a small window of time during which the password might be hacked and used. Setting a minimum password age is useful in conjunction with the Enforce password history setting, which determines how many new passwords you must use before you can reuse a password. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit