Enforcing Strong Passwords

By  

You, as a savvy Windows Vista user, know how to create a strong password, and you can certainly pass along that information to the other people in your home or business, but how can you be sure that they'll take up the strong password gospel?

The truth is you can't, and surveys of password use over the years have been remarkably consistent: most users are lazy and they prefer to use simple passwords that are easy to remember. If the user operates a standalone PC, then it's their funeral. But it's more likely these days that the user is part of a network, and a brain-dead password puts not only that PC at risk, but it puts the entire network at risk.

If it's your network you're worried about, you can take matters into your own hands and set up password policies that ensure your users protect their PCs with strong passwords. There are two policies you can implement:

  • Minimum Password Length This policy sets the minimum number of characters for the password. You enter a value that represents the number of characters, and that value can be as high as 14 or as low as 1. (If you use 0, it means no password is required.) A good choice here is 8.
  • Password Must Meet Complexity Requirements If you enable this policy, Windows Vista examines each new password and accepts it only if it meets the following criteria: It doesn't contain all or part of the person's username; it's at least six characters long; and it contains characters from three of the following four categories: uppercase letters, lowercase letters, digits (0-9), and nonalphanumeric characters (such as $ and #).
NOTE
If you set the Minimum Password Length policy to a value between 0 and 5, and you enable the Password Must Meet Complexity Requirements policy, the latter policy takes priority and the minimum password length is six characters. If you set the Minimum Password Length policy to a value between 7 and 14, and you enable the Password Must Meet Complexity Requirements policy, the former policy takes priority and Windows uses its value as the minimum password length.

Follow these steps to implement these policies:

NOTE
These steps require the Local Security Policy Editor, which is only available with Vista Business, Vista Enterprise, and Vista Ultimate. There's no other way to specify password strength, but you can set a minimum password length using Command Prompt, as I discuss below.
  1. Log on to the Windows Vista computer you want to work with.
  2. Select Start, type secpol.msc, press Enter, and then enter your administrator's credentials to continue.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question