Enforcing Strong Passwords
You, as a savvy Windows Vista user, know how to create a strong password, and you can certainly pass along that information to the other people in your home or business, but how can you be sure that they'll take up the strong password gospel?
The truth is you can't, and surveys of password use over the years have been remarkably consistent: most users are lazy and they prefer to use simple passwords that are easy to remember. If the user operates a standalone PC, then it's their funeral. But it's more likely these days that the user is part of a network, and a brain-dead password puts not only that PC at risk, but it puts the entire network at risk.
If it's your network you're worried about, you can take matters into your own hands and set up password policies that ensure your users protect their PCs with strong passwords. There are two policies you can implement:
- Minimum Password Length This policy sets the minimum number of characters for the password. You enter a value that represents the number of characters, and that value can be as high as 14 or as low as 1. (If you use 0, it means no password is required.) A good choice here is 8.
- Password Must Meet Complexity Requirements If you enable this policy, Windows Vista examines each new password and accepts it only if it meets the following criteria: It doesn't contain all or part of the person's username; it's at least six characters long; and it contains characters from three of the following four categories: uppercase letters, lowercase letters, digits (0-9), and nonalphanumeric characters (such as $ and #).
| NOTE |
| If you set the Minimum Password Length policy to a value between 0 and 5, and you enable the Password Must Meet Complexity Requirements policy, the latter policy takes priority and the minimum password length is six characters. If you set the Minimum Password Length policy to a value between 7 and 14, and you enable the Password Must Meet Complexity Requirements policy, the former policy takes priority and Windows uses its value as the minimum password length. |
Follow these steps to implement these policies:
| NOTE |
| These steps require the Local Security Policy Editor, which is only available with Vista Business, Vista Enterprise, and Vista Ultimate. There's no other way to specify password strength, but you can set a minimum password length using Command Prompt, as I discuss below. |
- Log on to the Windows Vista computer you want to work with.
- Select Start, type secpol.msc, press Enter, and then enter your administrator's credentials to continue.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.














There is a mistake. It
There is a mistake. It should be net accounts /minpwlen:nRegards