Password Policies

See also Active Directory Password Management

This is just a bit of info for IT decision-makers, to make you aware of some options that can be changed to suit your needs or wishes.

Please note that network usernames and passwords are not the same as e-mail usernames and passwords. They also have different password policy systems.

Common Policy Settings

  • Minimum Requirements
  • Complexity
    • Upper Case
    • Lower Case
    • Numbers
    • Symbols
  • Length
  • Maximum Age

Why Would You Care

Passwords are a significant risk to most computing security systems. Where high-security systems usually rely on two-factor (or more) authentication (like password+fingerprint or password+smart-card), most small businesses rely on just a single password for security.

Password policies dramatically affect the security of user passwords. They can also be frustrating: security is a double-edged sword.

The most important policy is “Use no trivial passwords, ever, for anything.”

The only hacks I have ever seen or been involved with were the result of trivial passwords and automated 'script kiddie' tools scanning for 'low-hanging fruit' (easy marks). A dedicated attacker would present a much greater risk as they often use 'social engineering' techniques which are far more effective.
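
An added example (not part of the original guide): a small Python check over the settings listed under Common Policy Settings, plus a denylist test for trivial passwords. It shows that a password such as `Password1!` can satisfy every complexity rule and still be trivial. The `Policy` values, the denylist and the username are constructed for illustration and are not the Windows or Zimbra defaults.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample denylist; a real one would be far larger.
TRIVIAL = {"password", "letmein", "welcome", "qwerty", "admin", "123456"}
LEET = str.maketrans("@4301$5!", "aaeoissi")  # common character substitutions

@dataclass
class Policy:
    # Hypothetical values for illustration, not the Windows or Zimbra defaults.
    min_length: int = 10
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True
    max_age_days: int = 90

def core_word(password: str) -> str:
    """Lower-case, drop trailing digits/symbols, then undo substitutions."""
    return re.sub(r"[^a-z]+$", "", password.lower()).translate(LEET)

def violations(password, policy, username="", last_changed=None, today=None):
    """Return the list of policy rules the password breaks (empty means OK)."""
    found = []
    if len(password) < policy.min_length:
        found.append("length")
    checks = [
        (policy.require_upper, r"[A-Z]", "upper"),
        (policy.require_lower, r"[a-z]", "lower"),
        (policy.require_digit, r"[0-9]", "digit"),
        (policy.require_symbol, r"[^A-Za-z0-9]", "symbol"),
    ]
    found += [name for needed, pattern, name in checks
              if needed and not re.search(pattern, password)]
    # Triviality is checked separately: complexity rules alone do not catch it.
    if (password.lower() in TRIVIAL or core_word(password) in TRIVIAL
            or (username and username.lower() in password.lower())
            or len(set(password)) <= 3):
        found.append("trivial")
    # Maximum age: flag passwords older than the policy allows.
    if last_changed is not None:
        age_days = ((today or date.today()) - last_changed).days
        if age_days > policy.max_age_days:
            found.append("expired")
    return found
```
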

What Can Be Changed

These graphics show and explain some of the password policy settings available. If you'd like us to modify any of these settings, please let us know, or if you prefer, we can show you how to adjust the settings yourself.

Windows Default Password Policies

[Image: Windows Default Password Policy]

Zimbra Default Password Policies

[Image: Zimbra Default Password Policy]

Zimbra Policy Options

[Image: Zimbra Password Policy Options]

quick_guide/password_policy.txt · Last modified: 2017/02/27 14:19 by gcooper