+ Post New Thread
Results 1 to 8 of 8
Windows Server 2008 R2 Thread, Password Complexity in Technical; Hi everyone, This may be a weird one but here it goes. At the moment we have a relaxed password ...
  1. #1
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,421
    Thank Post
    508
    Thanked 282 Times in 258 Posts
    Rep Power
    81

    Password Complexity

    Hi everyone,

    This may be a weird one but here it goes.

    At the moment we have a relaxed password policy, passwords have to be a certain length, expire after 90 days and you can't use the same password twice.

    However, I want to enable password complexity, but here's the thing, are there anywhere that anyone knows of A standard that explains why Password Complexity uses the charterers it uses etc ?

    I'm bound to be asked by someone 'why do I have to have a password that adheres to this policy' ? I'd be handy if I could find A standard or something that explains the use of complexity and why it is the way it is.

    I hope you all Understand what I mean.

    Thanks
    Have A great day!

    Chris.

  2. #2

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,764
    Thank Post
    760
    Thanked 539 Times in 422 Posts
    Rep Power
    259

  3. Thanks to Oaktech from:

    cpjitservices (14th April 2014)

  4. #3

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,689
    Thank Post
    334
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    NISTs was the big one for american companies, thus MS etc.

    They suggest a lot of "stuff" :P But most of it is too blahsy for normal use: http://csrc.nist.gov/publications/dr...-sp800-118.pdf See page 20+ :P Short version being more character options = better security (Yes length matters, but in relation to same lengths etc)

    Steve

  5. Thanks to Steve21 from:

    cpjitservices (14th April 2014)

  6. #4
    JamesBanks7's Avatar
    Join Date
    Dec 2013
    Location
    North-East
    Posts
    104
    Thank Post
    13
    Thanked 44 Times in 33 Posts
    Rep Power
    43
    my take on this would be that it enforces the user to use special characters and numbers and also includes upper case letters which creates a more secure password due to the extra amount of combinations possible
    For example: password1 is a very common password/phrase used so enforcing password complexity could mean that the user then has to try a more sophisticated password like Pa55word_1

    If anyone asks you for a reason behind your decision to implement password complexity I think you should just let them know the security benefits and they will soon be happy

  7. Thanks to JamesBanks7 from:

    cpjitservices (14th April 2014)

  8. #5

    Join Date
    Sep 2013
    Posts
    8
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So true that cartoon!

  9. #6


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,747
    Thank Post
    221
    Thanked 2,626 Times in 1,936 Posts
    Rep Power
    778
    You could also use Diceware to create long memorable passwords.

    Diceware passwords now need six random words to thwart hackers Ars Technica

  10. #7
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,421
    Thank Post
    508
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    Standard complexity will be confusing enough lol.

    Quote Originally Posted by Arthur View Post
    You could also use Diceware to create long memorable passwords.

    Diceware passwords now need six random words to thwart hackers Ars Technica

  11. #8
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,421
    Thank Post
    508
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    Thanks all I think I'll go with the below. Thanks for all of your prompt replies as always!!

    Enjoy your week!!



    Quote Originally Posted by JamesBanks7 View Post
    my take on this would be that it enforces the user to use special characters and numbers and also includes upper case letters which creates a more secure password due to the extra amount of combinations possible
    For example: password1 is a very common password/phrase used so enforcing password complexity could mean that the user then has to try a more sophisticated password like Pa55word_1

    If anyone asks you for a reason behind your decision to implement password complexity I think you should just let them know the security benefits and they will soon be happy

SHARE:
+ Post New Thread

Similar Threads

  1. Password complexity for primary school
    By 3rdknight in forum Windows
    Replies: 22
    Last Post: 5th November 2013, 12:15 PM
  2. [SIMS] SIMS password complexity / user cannot change pw
    By Alis_Klar in forum MIS Systems
    Replies: 12
    Last Post: 4th July 2012, 07:09 PM
  3. Ignore Password Complexity
    By jmair in forum Windows Server 2008 R2
    Replies: 3
    Last Post: 13th September 2011, 08:58 AM
  4. Replies: 3
    Last Post: 12th May 2010, 12:56 PM
  5. password complexity help
    By timbo343 in forum Windows
    Replies: 18
    Last Post: 18th November 2007, 04:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •