Password complexity requirements

According to Microsoft, organizations should set strong password creation guidelines that include the following:
• Avoid the use of words from a dictionary in any language, including common or clever misspellings of words.
• Do not create a new password that simply increments a digit in your current password.
• Avoid the use of passwords that begin or end with a numeral because they can be guessed more easily than passwords that have a numeral in the middle.
• Avoid the use of passwords that others can easily guess by looking at your desk (such as names of pets, sports teams, and family members).
• Avoid the use of words from popular culture.
• Enforce the use of passwords that require you to type with both hands on the keyboard.
• Enforce the use of uppercase and lowercase letters, numbers, and symbols in all passwords.
• Enforce the use of space characters and characters that can be produced only by pressing the ALT key.

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements

This policy setting checks all new passwords when they are created to ensure that they meet complexity requirements. The Windows Server 2003 policy rules cannot be directly modified. However, you can create a new version of the Passfilt.dll file to apply a different set of rules. For more information about creating a custom Passfilt.dll file, see the MSDN® article "Sample Password Filter" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/sample_password_filter.asp.
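As an added example (not Microsoft's Passfilt.dll code and not from the original post), the portable C below implements three of the guidelines listed above as rule logic that a custom filter could call: no leading or trailing numeral, all four character classes, and no simple digit increment of the current password. The function and enum names are hypothetical, and the increment check assumes the caller can supply the current password.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Result codes; the names are hypothetical, chosen for this example. */
enum pw_result { PW_OK, PW_EDGE_DIGIT, PW_MISSING_CLASS, PW_DIGIT_INCREMENT };

/* Nonzero when cand equals cur except that one run of digits is
 * numerically one greater, e.g. "Blue9!sky" -> "Blue10!sky". */
static int is_digit_increment(const char *cur, const char *cand)
{
    size_t lc = strlen(cur), ln = strlen(cand), pre = 0, suf = 0;
    /* Longest common prefix, then longest non-overlapping common suffix. */
    while (pre < lc && pre < ln && cur[pre] == cand[pre]) pre++;
    while (suf < lc - pre && suf < ln - pre &&
           cur[lc - 1 - suf] == cand[ln - 1 - suf]) suf++;
    /* Widen the differing middle so it covers the whole digit run. */
    while (pre > 0 && isdigit((unsigned char)cur[pre - 1])) pre--;
    while (suf > 0 && isdigit((unsigned char)cur[lc - suf])) suf--;
    size_t mc = lc - pre - suf, mn = ln - pre - suf;
    if (mc == 0 || mn == 0 || mc > 9 || mn > 9) return 0;
    for (size_t i = 0; i < mc; i++)
        if (!isdigit((unsigned char)cur[pre + i])) return 0;
    for (size_t i = 0; i < mn; i++)
        if (!isdigit((unsigned char)cand[pre + i])) return 0;
    return strtoul(cand + pre, NULL, 10) == strtoul(cur + pre, NULL, 10) + 1;
}

/* Checks three of the listed guidelines. cur may be NULL when the caller
 * does not have the current password. */
enum pw_result check_password(const char *cur, const char *cand)
{
    size_t n = strlen(cand);
    int up = 0, lo = 0, dg = 0, sy = 0;
    if (n == 0) return PW_MISSING_CLASS;
    /* No numeral at the start or at the end. */
    if (isdigit((unsigned char)cand[0]) || isdigit((unsigned char)cand[n - 1]))
        return PW_EDGE_DIGIT;
    /* All four classes must appear; any other byte (a space too) is a symbol. */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)cand[i];
        if (isupper(c)) up = 1; else if (islower(c)) lo = 1;
        else if (isdigit(c)) dg = 1; else sy = 1;
    }
    if (!(up && lo && dg && sy)) return PW_MISSING_CLASS;
    /* Not the current password with one number bumped by one. */
    if (cur && is_digit_increment(cur, cand)) return PW_DIGIT_INCREMENT;
    return PW_OK;
}
```

The dictionary, popular-culture and personal-information guidelines need word lists or account data and are outside what this sketch checks.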
