Password Strengths

Status
Not open for further replies.
Mar 25, 2004
Hi,
I'm wondering what everyone is doing in this area. Right now we have it at 6 characters and expiring every 90 days with the past 4 being remembered. We're wondering, being in the banking area, if we should tighten it even further by requiring it to be a combo of letters and numbers or even more. What is everyone's thought on this? It was hard enough getting everyone to go 6 characters expiring.

Thx!
 
What you have in place already seems pretty tight; if you are worried about security, there are a few other things you should probably try.

1. There has been a lot of press lately about staff willingly giving out their user names and passwords for rewards, etc. Make sure your staff are up to date with what is acceptable.

2. Try looking into the biometrics field, fingerprint scans, etc.

3. If biometrics seems a bit OTT, then try smart cards or something like that!
 
I have setup the following password policy in my domain:
minimum password length 6 characters
last 10 passwords remembered
maximum password age 90 days
minimum password age 10 days
password complexity enabled
store password using reversible encryption disabled

Users complain a lot about the password complexity.

You might want to also enforce a password protected screen saver set to about 5 minutes.
 
The biggest problem with passwords is .....TA TA DA the users!

We try to make the site secure and use 6 character length, remembering the last 5 passwords, etc., but the users keep complaining, "ohh, I can't remember that", and what do they do? They write it down on a piece of paper or something that is next to the machine, making it totally useless.

If your site is in need of high security you should, as mentioned by sgtrawlins, try to go to something like fingerprints or something that no one can forget.

Obviously this will come at a price, but if your data is classified or has the need for high security I think it's something you need to do. It should hopefully be a one-time investment, as once it's installed and working OK, it might even save money due to no need for password changing and account lockout problems.
 
How do you set up the password complexity requirement? I know the parameters, but am not sure how to enforce the following:

The password must meet the requirements below.

Passwords must be at least six characters long.
Passwords may not contain your user name or any part of your full name.
Passwords must contain characters from at least three of the following four classes:


English upper case letters
A, B, C, ... Z

English lower case letters
a, b, c, ... z

Westernized Arabic numerals
0, 1, 2, ... 9

Non-alphanumeric ("special characters")
Punctuation marks and other symbols

 
deintinis, edit the group policy: under Computer Configuration, Windows Settings, Security Settings, Account Policies, Password Policy, change "minimum password length" to 6 characters and "passwords must meet complexity requirements" to enabled.
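
As an added illustration (not part of the thread, and not Windows' own implementation), the complexity rule quoted in the question can be written as a small Python check, for example to test sample passwords before the policy is rolled out. The account name, full name and candidate passwords are constructed, and ignoring name parts shorter than three characters is an assumption.

```python
import re

MIN_LENGTH = 6       # "at least six characters long" (from the thread)
MIN_CLASSES = 3      # three of the four character classes (from the thread)
MIN_NAME_TOKEN = 3   # assumption: shorter name parts (e.g. initials) are ignored

def char_classes(password):
    """Return the set of character classes present, using the four quoted classes."""
    classes = set()
    for ch in password:
        if "A" <= ch <= "Z":
            classes.add("upper")
        elif "a" <= ch <= "z":
            classes.add("lower")
        elif "0" <= ch <= "9":
            classes.add("digit")
        elif not ch.isalnum():       # punctuation and other symbols
            classes.add("special")
    return classes

def name_tokens(username, full_name):
    """User name plus the parts of the full name, lower-cased for matching."""
    tokens = [username] + re.split(r"[\s,.\-_#]+", full_name)
    return [t.lower() for t in tokens if len(t) >= MIN_NAME_TOKEN]

def check_password(password, username, full_name):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    for token in name_tokens(username, full_name):
        if token in lowered:         # case-insensitive substring match
            problems.append("contains name part: " + token)
    missing = MIN_CLASSES - len(char_classes(password))
    if missing > 0:
        problems.append("needs %d more character class(es)" % missing)
    return problems

if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ["abc12", "password", "Jsmith2004!", "Winter#04", "tr0ub4dor"]:
        print(candidate, check_password(candidate, "jsmith", "John Q. Smith"))
```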

 