The password expiration feature on Windows lets you set a maximum password expiration age for user accounts on your PC. By default, this feature is disabled for all users and is only available for Pro, Education, and Enterprise editions of Windows 10 and 11.

You can set password expiration for both local users and Microsoft accounts. However, the steps to do this vary for both account types. So, these are the three ways you can enable or disable password expiration on your Windows accounts.

1. Set or Remove Password Expiration for a Microsoft Account

You can set password expiration for your Microsoft account online. To do this, you'll need to access the Microsoft account Security section and enable the Make me change my password every 72 days option.

Once enabled, your current Microsoft account password will expire after 72 days and requires you to change it to access any Microsoft service associated with the account. Note that you must change and set a new password to enable password expiration. Without it, you'll be unable to use this feature.

To enable password expiration for Microsoft account:

  1. Go to the Microsoft Security page, and log in with your account username and password to access the page.
  2. Next, click on Password security to open the password change page.
    microsoft account online password security
  3. Next, enter your current password.
  4. Next, enter your new password and confirm the same in the Reenter password field.
  5. Lastly, check the Make me change my password every 72 days option.
    enable password expiration microsoft account online
  6. Click Save to save the changes and enable password expiration for your Microsoft account.

If you need to disable the password expiration for your Microsoft account:

  1. Go to Microsoft account online > Security > Change password.
  2. Here, fill in the details for your new password and uncheck the Make me change my password every 72 days option.
  3. Click Save to apply the changes.

2. Enable Password Expiration for Local User Accounts via Local Users and Groups

Local Users and Groups is a Windows administrator tool that allows you to manage individual and multiple computers over a network. Windows 11 Pro, Education, and Enterprise edition users can use this tool to enable password expiration for local user accounts. Here's how to do it.

  1. Press Win + R to open Run.
  2. Type lusrmgr.msc and click OK to open Local Users and Groups snap-in.
  3. Click on the User folder in the left pane.
    local-users-and-groups-users-user-account
  4. Next, double-click on your user local user account to set password expiration.
    local users and groups users user account enable password expiration
  5. In the Properties dialog, uncheck the Password never expire option to enable password expiration.
  6. Click OK to save the changes.

If you are running the Home edition of the OS, you enable Local Users and Groups Management on Windows 11 Home before you can use this method. Once you've enabled Local Users and Groups Management, follow the steps below to activate password expiration.

  1. Run the lusrmgr.exe app.
  2. Select the Users option in the left pane.
    lusrmgr exe edit user account
  3. Next, double-click on the user account name to open its properties.
  4. Open the Password tab.
    lusrmgr exe enable password expiration windows 11 home
  5. Uncheck the Password never expires option.
  6. Click Apply and OK to save the changes.

By default, Windows will ask you to change your password after 42 days. That said, you can also customize the password expiration age using Command Prompt and Group Policy Editor as per your preference.

How to Set Maximum Password Age Using Group Policy Editor

You can use the Group Policy Editor to set the maximum password age for the Password Policy. While the default password expiration is 42 days, you can reduce or increase it to meet your requirements.

Note that Group Policy Editor is part of Windows 11 and Windows 10 Pro, Education, and Enterprise Editions. If you use the Home Edition of Windows, you need to follow our guide to learn how to access the Group Policy Editor on Windows Home.

Once you've opened the Group Policy Editor, follow these steps to set a password expiration time for your local user account:

  1. Press Win + R to open Run.
  2. Type gpedit.msc and click OK to open Group Policy Editor.
  3. In Group Policy Editor, navigate to the following location: 
            Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
  4. In the right pane, right-click on the Maximum password age policy and select Properties.
    group policy editor password expiration age maximum
  5. In the Properties dialog, you'll see 42 days as the expiry time. Change the expiry days to your preferred length—you can set it up to 999 days.
    group policy editor password expiration age maximum properties
  6. Click Apply and OK to save the changes.

Windows will prompt you to change the password for your local user account after a set number of days.

3. Enable and Disable Password Expiration for Local User Accounts Using Command Prompt

enable password expiration local user account command prompt

If you need to make frequent changes to the password expiration date manually, you can use the WMI command-line (WMIC) command in Command Prompt to enable and disable password expiration for the local user account. Here's how to do it.

  1. Press the Win key and type cmd.
  2. From the search result, right-click on Command Prompt and select Run as administrator.
  3. In the Command Prompt window, type the following command to enable password expiration for the specified local user account: 
            wmic UserAccount where Name="user account name" set PasswordExpires=True
  4. In the above command, replace user account name with the user account name you want to set password expiration for.
  5. Next, to set the maximum password expiration age, use the following command: 
            net accounts /maxpwage:##
  6. In the above command, replace ## with the length of days you want to set before the password expires.
  7. To disable the password, use the following command: 
            wmic UserAccount where Name="user account name" set PasswordExpires=false
  8. If you need to disable password expiration for all the local user accounts, use the following command instead: 
            wmic UserAccount set PasswordExpires=False
  9. Once done, type exit and press Enter to close Command Prompt.

Set Password Expiration Date for Better Security

The Microsoft-recommended best practice for maximum password age is between 30 and 90 days. Although it's not the most effective solution against threat actors, it should still protect you if someone tries to intercept or guess your old password and gain access to your computer.