PDA

View Full Version : complex passwords

New security guy
I have been tasked to tighten up security by my customer.
I need to know all their is to know about complex
passwords.
Steven L Umbach
Password complexity requires a password to be at least six characters long and
include three of the following four - uppercase, lowercase, numeric, and special
character such as &^%$ found on the keyboard. For a domain, password/account policy
can be configured only at the domain policy level for domain accounts. Keep in mind
that account lockout [no less then ten recommended by MS] and password age are also
part of a good password policy. Accounts that are configured with password never
expires will not be subject to password age policy and if password age policy is
implemented, accounts with password age older than the new standard will immediately
expire. See the link below for more details on account/password policy. --- Steve

http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch02.mspx --- applies
to W2K also.


"New security guy" wrote in message
news:18a9101c41b5d$989f1f10$a401280a@phx.gbl...
> I have been tasked to tighten up security by my customer.
> I need to know all their is to know about complex
> passwords.


Yaketyak
Try using 7 to 8 characters, upper and lower case letters, numbers and
special characters in random order. Start w/ a special character.
















On Mon, 5 Apr 2004 15:30:27 -0700, "New security guy"
wrote:

--->I have been tasked to tighten up security by my customer.
--->I need to know all their is to know about complex
--->passwords.

Progressives are mere Socialists who plan on being
"In Charge" after they make everyone else "equal".

Yaketyak
new security guy
Does the special character have a specific order that it
has to be. for example if i have an 8 character password
does my special character have to ben in character
2through 7?
>-----Original Message-----
>Password complexity requires a password to be at least
six characters long and
>include three of the following four - uppercase,
lowercase, numeric, and special
>character such as &^%$ found on the keyboard. For a
domain, password/account policy
>can be configured only at the domain policy level for
domain accounts. Keep in mind
>that account lockout [no less then ten recommended by MS]
and password age are also
>part of a good password policy. Accounts that are
configured with password never
>expires will not be subject to password age policy and if
password age policy is
>implemented, accounts with password age older than the
new standard will immediately
>expire. See the link below for more details on
account/password policy. --- Steve
>
>http://www.microsoft.com/technet/Security/topics/hardsys/t
cg/tcgch02.mspx --- applies
>to W2K also.
>
>
>"New security guy"
wrote in message
>news:18a9101c41b5d$989f1f10$a401280a@phx.gbl...
>> I have been tasked to tighten up security by my
customer.
>> I need to know all their is to know about complex
>> passwords.
>
>
>.
>
Steven L Umbach
No, there is no special order. Password1 would be a legitimate complex password as
far as W2K/W2003 is concerned. You can configure minimum password to be longer than
six if you want with the minimum password length setting. --- Steve

"new security guy" wrote in message
news:1464601c41be2$0f983a50$a001280a@phx.gbl...
> Does the special character have a specific order that it
> has to be. for example if i have an 8 character password
> does my special character have to ben in character
> 2through 7?
> >-----Original Message-----
> >Password complexity requires a password to be at least
> six characters long and
> >include three of the following four - uppercase,
> lowercase, numeric, and special
> >character such as &^%$ found on the keyboard. For a
> domain, password/account policy
> >can be configured only at the domain policy level for
> domain accounts. Keep in mind
> >that account lockout [no less then ten recommended by MS]
> and password age are also
> >part of a good password policy. Accounts that are
> configured with password never
> >expires will not be subject to password age policy and if
> password age policy is
> >implemented, accounts with password age older than the
> new standard will immediately
> >expire. See the link below for more details on
> account/password policy. --- Steve
> >
> >http://www.microsoft.com/technet/Security/topics/hardsys/t
> cg/tcgch02.mspx --- applies
> >to W2K also.
> >
> >
> >"New security guy"
> wrote in message
> >news:18a9101c41b5d$989f1f10$a401280a@phx.gbl...
> >> I have been tasked to tighten up security by my
> customer.
> >> I need to know all their is to know about complex
> >> passwords.
> >
> >
> >.
> >