Why you can trust ZDNET
:ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission.Our process
'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
The password can't contain your account name or more than two consecutive characters from your full name. It must contain at least six characters. And it must include characters from three of the following four categories: 1. Uppercase characters A-Z, 2. Lowercase characters a-z, 3. Digits 0-9, or 4. Special characters (!, $, #, %, etc.).
4. Consider using a passphrase
Also keep the usual advice in mind. If using a conventional password, you'll want something that's strong and resistant to hacking, meaning long or complex or both. A better option may be a passphrase, which consists of multiple words, such as Hello-I-must-be-going.
You'll need to add numbers or special characters to the phrase, for example, a dash between each word. The website Use a Passphrase can generate passphrases for you and tell you how long it would take to crack it. For instance, Hello-I-must-be-going would take 102 centuries to crack.
5. Click Finish
The next screen then tells you to use your new password the next time you sign in to Windows. Click Finish.
6. Sign out of Windows to test your new password
Sign out of Windows and then sign back in with the new password to confirm that it works.
Change the password for a Microsoft account
You can change your Microsoft account password either directly in Windows or at your account website. The Windows process works similarly to the one for a local account. However, there is one setting you need to disable if it's enabled.
Change the password in Windows
In Windows 11, go Settings > Accounts > Sign-in options.
Under Additional settings, there's one that says, "For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device." If this setting is on, turn it off.
Sign out of Windows and then sign back in. Return to Settings > Accounts > Sign-in options and you should now see the option for Password. Select it and then click the Change button. Verify your identity if prompted.
For a Microsoft account, your password must contain at least eight characters and include characters from two of the following four categories: 1. Uppercase characters A-Z, 2. Lowercase characters a-z, 3. Digits 0-9, or 4. Special characters (!, $, #, %, etc.). Otherwise, follow the usual advice for creating a strong password or passphrase.