Windows password complexity rules

Password complexity rules (for example length, number of uppercase and lowercase letters) for Windows computers are fixed and cannot be set by a Sophos Mobile policy. Different rules apply for local and for Microsoft accounts.

Local accounts

  • Password must not contain the user's account name or more than two consecutive characters from the user's full name.
  • Password must be six or more characters long.
  • Password must contain characters from three of the following four categories:
    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Digits 0-9
    • Special characters (!, $, #, %, etc.)

Microsoft accounts

  • Password must be eight or more characters long.
  • Password must contain characters from two of the following four categories:
    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Digits 0-9
    • Special characters (!, $, #, %, etc.)