Benefits and drawbacks of password complexity

From: Russ (rwsinclair@mcpmail.com)
Date: 02/10/03


From: "Russ" <rwsinclair@mcpmail.com>
Date: Mon, 10 Feb 2003 06:57:51 -0800


Realized after posting that if this is W2K, there is no
passfilt, it's just a check box to accomplish the same
thing.

>-----Original Message-----
>I'm not sure why you think you need your own passfilt.
>
>Without passfilt, you can do all the things you listed,
>although 6 characters could be anything (including, as I
>found out in my environment, 123456 or aaaaaa). Passfilt
>forces 3 of 4 of upper case, lower case, number, special
>character, which makes Password1 valid.
>
>It's a fine line between a strong password that the user
>can remember, and one that will be written down, but with
>no complexity requirement at all, you're pretty much wide
>open. I kind of like the sentence approach suggested by
>Peter.
>
>>-----Original Message-----
>>My company has +3,000 users. I need to enable password
>>policies there. Management wants just 6 characters
>>alphanum passwords (and then I have to create my own
>>passfilt.dll). I would enforce lockout (3 times),
>>password history=11, too.
>>
>>I thought a 6 characters "password complexity" would be
>>stronger. But they came up with the following argument:
>>
>>"If you have this password complexity and forcing users
>>to change it every 6 months, people will have a tendency
>>to write the passwords in a piece of paper, because it
is
>>hard to remember and come up with new difficult
passwords
>>such as PaSsword10$". What do you think ?
>>
>>
>>.
>>
>.
>



Relevant Pages

  • Re: Benefits and drawbacks of password complexity
    ... I mentioned passfilt.dll because if I want to enforce an alphanumeric ... In Win2K you have option to select the length of characters and that's all. ... >>I'm not sure why you think you need your own passfilt. ... >>>alphanum passwords (and then I have to create my own ...
    (microsoft.public.win2000.security)
  • Benefits and drawbacks of password complexity
    ... I'm not sure why you think you need your own passfilt. ... I need to enable password ... Management wants just 6 characters ... >I thought a 6 characters "password complexity" would be ...
    (microsoft.public.win2000.security)
  • Re: Benefits and drawbacks of password complexity
    ... If I enable 6 characters (and I do not enable password complexity) they ... > requirements," which accomplishes the same thing as ... >>> passfilt, it's just a check box to accomplish the same ...
    (microsoft.public.win2000.security)
  • Re: Benefits and drawbacks of password complexity
    ... In W2K you can enable "Passwords must meet complexity ... requirements," which accomplishes the same thing as ... >I mean, if you select 6 characters, as you ... >> passfilt, it's just a check box to accomplish the same ...
    (microsoft.public.win2000.security)