Revised Windows Password Complexity Policy

What's Changing

To conform to the NHS Good Practice Guideline a new stronger password policy will soon take effect with increased complexity to reduce network vulnerability. This will follow similar policy as per NHSmail. Strong passwords would have all of the following characteristics:

  • are eight characters or more in length
  • must not include username
  • contain at least three of:
    • upper case letters
    • lower case letters
    • number
    • symbol

Some examples include Summ3r!6, M1ch@el1989 and L3tme1n!.

The password policy presently requires the user to change their password every 180 days and forbids the use of the last four passwords; this is soon to be revised to 90 days.

Example of Password Expiry Warning message will prompt 15 days in advance.


Back to Top