See also Active Directory Password Management

This is just a bit of info for IT decision-makers to make you are aware of some options that can be changed to suit your needs or wishes.

Please note that network usernames and passwords are not the same as e-mail usernames and passwords. They also have different password policy systems.

• Minimum Requirements
• Complexity
  • Upper Case
  • Lower Case
  • Numbers
  • Symbols
• Length
• Maximum Age

Passwords are a significant risk to most computing security systems. Where high-security systems usually rely on two-factor (or more) authentication (like password+fingerprint or password+smart-card), most small businesses rely on just a single password for security.

Password policies dramatically affect the security of user passwords. They also can be frustrating…security is a double-edged sword.

The most important policy is “Use no trivial passwords, ever, for anything.”

The only hacks I have ever seen or been involved with were the result of trivial passwords and automated 'script kiddie' tools scanning for 'low-hanging fruit' (easy marks). A dedicated attacker would present a much greater risk as they often use 'social engineering' techniques which are far more effective.

These graphics that show and explain some of the password policy settings available. If you'd like us to modify any of these settings, please let us know, or if you prefer, we can show you how to adjust the settings yourself.