Windows Vista: Minimum Password Age Policy

Best practices for configuring Vista password policy settings

In Windows Vista, the Minimum Password Age setting determines the period of time, in days, that a password can be used before you must change it. You can set a password to expire anywhere between 1 and 999 days, or you can allow changes immediately by setting the minimum password age to zero (0) days.

This information applies to Windows Vista, Windows 8.1, Windows 8, and Windows 7, as well as to Windows Server 2008 R2 and Windows Server 2012 R2.

Minimum and Maximum Password Age

The Minimum Password Age setting must be lower than the Maximum Password Age setting unless the Maximum Password Age is set to 0, in which case the password never expires. If the Maximum Password Age is set to 0, the Minimum Password Age can be set to any value between 0 and 998.

Setting the Maximum Password Age to -1 has the same effect as setting it to 0: the password never expires. Setting it to any other negative number is the same as setting it to Not Defined.

Password Best Practices

Best practices suggest setting a maximum password age of 60 days, which leaves only a small window of time during which the password might be hacked and used.

Setting a minimum password age is useful in conjunction with the Enforce password history setting, which determines how many new passwords you must use before you can reuse a password.
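The following is an added example, not part of the original article: a small Python audit of the `[System Access]` section from a `secedit /export` policy file. It applies the age rules above and flags a minimum age of 0 combined with password history, since history can then be cycled through immediately. The function name and sample values are constructed for illustration.

```python
import configparser

# Constructed sample of what `secedit /export /cfg policy.inf` writes
# (real exports are UTF-16; decode the file before passing the text in).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 60
PasswordHistorySize = 24
[Version]
signature="$CHICAGO$"
"""

def audit_password_age(inf_text):
    """Hypothetical helper: check the age rules above; return (findings, reuse_days)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(inf_text)
    sa = cp["System Access"]
    min_age = sa.getint("MinimumPasswordAge", fallback=0)
    max_age = sa.getint("MaximumPasswordAge", fallback=0)
    history = sa.getint("PasswordHistorySize", fallback=0)

    findings = []
    if max_age < -1:
        findings.append("MaximumPasswordAge is negative (other than -1): treated as Not Defined")
    elif max_age in (0, -1):
        findings.append("MaximumPasswordAge means passwords never expire")
        if not 0 <= min_age <= 998:
            findings.append("MinimumPasswordAge must be between 0 and 998")
    elif min_age >= max_age:
        findings.append("MinimumPasswordAge must be lower than MaximumPasswordAge")

    # With no minimum age, a user can change passwords back to back until the
    # old one falls out of history, which defeats Enforce password history.
    if history > 0 and min_age == 0:
        findings.append("history can be cycled at once: minimum age is 0")
    # Roughly how many days pass before an old password can be chosen again.
    reuse_days = history * min_age
    return findings, reuse_days

if __name__ == "__main__":
    for finding in audit_password_age(SAMPLE_INF)[0]:
        print("FINDING:", finding)
```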

