RE: Password complexity - improvement



How?

26*26*10*(however many special characters you want to allow) > 26*26*10


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx on behalf of Ansgar -59cobalt- Wiechers
Sent: Wed 8/15/2007 2:39 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Cc:
Subject: Re: Password complexity - improvement

On 2007-08-15 dubaisans dubai wrote:
Is there a way to improve the password complexity requirements in
Windows 2000/2003 servers

The default will enforce 3 of the following 4 properties - Uppercase,
smallercase, numbers, special-characters.

Is there a way to enforce all 4 properties.

Enforcing passwords that MUST consist of uppercase letters, lowercase
letters, numbers AND special characters reduces the total number of
possible passwords, which in consequence has a negative impact on your
security.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq



Relevant Pages

  • RE: Password complexity - improvement
    ... maybe MS were smart when they didn't allow all four character set enforcement out of the box. ... The default will enforce 3 of the following 4 properties - Uppercase, ... Enforcing passwords that MUST consist of uppercase letters, ...
    (Focus-Microsoft)
  • Re: Password complexity - improvement
    ... The default will enforce 3 of the following 4 properties - Uppercase, ... smallercase, numbers, special-characters. ... Enforcing passwords that MUST consist of uppercase letters, ...
    (Focus-Microsoft)
  • Re: Password complexity - improvement
    ... Uppercase, smallercase, numbers, special-characters. ... Enforcing passwords that MUST consist of uppercase letters, ... passwords consisting of uppercase/lowercas letters, ...
    (Focus-Microsoft)
  • Re: Strong Passwords
    ... > Can anyone suggest what the best way to enforce strong passwords on a ... > FreeBSD system is? ... There's a pam_cracklib module floating around somewhere that you can ... install to enforce strong password security. ...
    (FreeBSD-Security)
  • Re: How to change strong password policy in ASP.NET
    ... the ASP.NET membership providers enforce strong passwords. ... least seven characters in length with at least one non-alphanumeric character. ...
    (microsoft.public.dotnet.framework.aspnet)