If you are in a network environment, the administrators may have set Group Policy to require certain password complexity, such as minimum number of characters, mixed case, and/or use of numbers and/or symbols. You will need to speak to your local IT Support to get any specifics.
Enforce password history determines the number of unique new passwords a user must use before an old password can be reused. The value of this setting can be between 0 and 24; if this value is set to 0, enforce password history is disabled. For most organizations, set this value to 24 passwords.
Maximum password age determines how many days a password can be used before the user is required to change it. The value of this between 0 and 999; if it is set to 0, passwords never expire. Setting this value too low can cause a frustration for your users; setting it too high or disabling it gives potential attackers more time to determine passwords. For most organizations, set this value to 42 days.
Minimum password age determines how many days a user must keep new passwords before they can change them. This setting is designed to work with the Enforce password history setting so that users cannot quickly reset their passwords the required number of times and then change back to their old passwords. The value of this setting can be between 0 and 999; if it is set to 0, users can immediately change new passwords. It is recommended that you set this value to 2 days.
Minimum password length determines how short passwords can be. Although Windows 2000, Windows XP, and Windows Server 2003 support passwords up to 28 characters, the value of this setting can be only between 0 and 4 characters. If it is set to 0, users are allowed to have blank passwords, so you should not use a value of 0. It is recommended that you set this value to 8 characters.
Passwords must meet complexity requirements determines whether password complexity is enforced. If this setting is enabled, user passwords meet the following requirements:
The password is at least six characters long.
The password contains characters from at least three of the following five categories: