Skip to content

Windows password complexity rules

For Windows computers, password complexity rules such as length, number of uppercase and lowercase letters are set by Windows. You can't configure them with Sophos Mobile. Different rules apply for local and for Microsoft accounts.

Local accounts

  • Password must not contain the user's account name or more than two consecutive characters from the user's full name.
  • Password must be six or more characters long.
  • Password must contain characters from three of the following four categories:

    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Digits 0-9
    • Special characters (!, $, #, %, etc.)

Microsoft accounts

  • Password must be eight or more characters long.
  • Password must contain characters from two of the following four categories:

    • Uppercase characters A-Z (Latin alphabet)
    • Lowercase characters a-z (Latin alphabet)
    • Digits 0-9
    • Special characters (!, $, #, %, etc.)