Password Complexity Options 1

[quolo]

Win2K Server in a Win2K and WinXP world.

I currently have passwords expiring every month and a half and password complexity enabled, as according to my Domain Security Policies.

The password complexity properties are seem pretty limited - on or off. Anyone know a way to get more specific about the parameters for password complexity?

Thankee mucho,

Jeremy

 

[Seaspray0]

You run a risk of getting too complex... setting the minimum length too high (min of 6 chars is enough), using short lifespans (less than 2 months), and remembering lots of previous password history (greater than 10)... its called post it notes with passwords written on them by users being stuck inside desks, or worse on the monitor itself because you made their life miserable trying to remember a new complex password every 1 1/2 months. If you doubt I'm wrong, go snooping around and see for yourself. All it takes is a visitor writting down what they see on post-its and noting the logon name (start>shutdown>logoff>cancel) to have access to your network. If you really want good password security, educate the users to use a pattern on the keyboard rather than an actual word. i.e. type the pattern "fghjuytr" and you'll see how easy it is to remember a pattern but hard to remember the actual characters. they're also extremely hard to crack since they don't make an actual dictionary word (which is what hackers attempt). As for the complexity setting... on or off with no adjustments.

 

[quolo]

Thanks for the response. It's the numbers and special characters that are confusing my users. For now, I think I'll go without it and encourage them to be less literal with their pwords.

 

[hewissa]

Excellent answer Sea. Nicely put, have a star.

Hewissa

MCSE, CCNA, CIW