
Enforcing Strong Passwords

July 16, 2008, 04:45 PM

You, as a savvy Windows Vista user, know how to create a strong password, and you can certainly pass along that information to the other people in your home or business, but how can you be sure that they'll take up the strong password gospel?

The truth is you can't, and surveys of password use over the years have been remarkably consistent: most users are lazy and prefer simple passwords that are easy to remember. If the user operates a standalone PC, then it's their funeral. But it's more likely these days that the user is part of a network, and a brain-dead password puts not only that PC at risk but the entire network as well.

If it's your network you're worried about, you can take matters into your own hands and set up password policies that ensure your users protect their PCs with strong passwords. There are two policies you can implement:

  • Minimum Password Length: This policy sets the minimum number of characters for the password. You enter a value that represents the number of characters, and that value can be as high as 14 or as low as 1. (If you use 0, it means no password is required.) A good choice here is 8.
  • Password Must Meet Complexity Requirements: If you enable this policy, Windows Vista examines each new password and accepts it only if it meets the following criteria: It doesn't contain all or part of the person's username; it's at least six characters long; and it contains characters from three of the following four categories: uppercase letters, lowercase letters, digits (0-9), and nonalphanumeric characters (such as $ and #).
NOTE
If you set the Minimum Password Length policy to a value between 0 and 5, and you enable the Password Must Meet Complexity Requirements policy, the latter policy takes priority and the minimum password length is six characters. If you set the Minimum Password Length policy to a value between 7 and 14, and you enable the Password Must Meet Complexity Requirements policy, the former policy takes priority and Windows uses its value as the minimum password length.
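
The interaction between the two policies can be modelled in a few lines. This is an added sketch, not code from the article and not Windows' own implementation; the function names, the sample accounts, and the reading of "part of the username" as three or more consecutive characters are assumptions.

```python
import string

COMPLEXITY_FLOOR = 6  # length the complexity policy itself demands (per the article)

def effective_min_length(min_length_policy, complexity_enabled):
    """Length actually enforced once the two policies are combined."""
    if not 0 <= min_length_policy <= 14:
        raise ValueError("Minimum Password Length accepts 0 through 14")
    if complexity_enabled:
        return max(min_length_policy, COMPLEXITY_FLOOR)
    return min_length_policy

def character_categories(password):
    """Which of the four categories appear (non-ASCII counts as nonalphanumeric here)."""
    found = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("nonalphanumeric")
    return found

def contains_username_part(password, username, min_part=3):
    """Assumption: 'part' means min_part or more consecutive username characters."""
    pw, user = password.lower(), username.lower()
    return any(user[i:i + min_part] in pw for i in range(len(user) - min_part + 1))

def check_password(password, username, min_length_policy=8, complexity_enabled=True):
    """Return the list of reasons the password would be rejected (empty = accepted)."""
    problems = []
    required = effective_min_length(min_length_policy, complexity_enabled)
    if len(password) < required:
        problems.append(f"shorter than {required} characters")
    if complexity_enabled:
        if contains_username_part(password, username):
            problems.append("contains part of the username")
        if len(character_categories(password)) < 3:
            problems.append("fewer than 3 character categories")
    return problems

if __name__ == "__main__":
    # Constructed sample accounts and passwords, not taken from the article.
    for user, pw in [("paul", "Tr1cky#Horse"), ("paul", "paul2008"), ("paul", "Ab1$x")]:
        print(user, pw, check_password(pw, user) or "accepted")
```

With the complexity policy disabled, `check_password("password", "paul", 8, False)` returns an empty list, which shows why a length-only policy does little to stop weak passwords.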

Follow these steps to implement these policies:

NOTE
These steps require the Local Security Policy Editor, which is only available with Vista Business, Vista Enterprise, and Vista Ultimate. There's no other way to specify password strength, but you can set a minimum password length using Command Prompt, as I discuss below.
  1. Log on to the Windows Vista computer you want to work with.
  2. Select Start, type secpol.msc, press Enter, and then enter your administrator's credentials to continue.

Comments

There is a mistake. It should be net accounts /minpwlen:n

Regards