SecurityFocus

Password complexity - improvement Aug 15 2007 06:14AM
dubaisans dubai (dubaisans gmail com) (5 replies)

RE: Password complexity - improvement Aug 16 2007 01:44PM
Jim Harrison (Jim isatools org)

Password complexity is far less interesting than password length and the
math proves it:

The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3
http://www.microsoft.com/technet/security/secnews/articles/itproviewpoin

t091004.mspx

The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3
http://www.microsoft.com/technet/security/secnews/articles/itproviewpoin

t100504.mspx

The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3
http://www.microsoft.com/technet/security/secnews/articles/itproviewpoin

t110104.mspx

Also take a look at the "Understanding Password Complexity" section of
the Account Lockouts Best Practices Whitepaper:
Account Lockout Best Practices Whitepaper
http://www.microsoft.com/downloads/details.aspx?FamilyID=8c8e0d90-a13b-4

977-a4fc-3e2b67e3748e

Jim

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of dubaisans dubai
Sent: Tuesday, August 14, 2007 11:15 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Password complexity - improvement

Is there a way to improve the password complexity requirements in
Windows 2000/2003 servers

The default will enforce 3 of the following 4 properties - Uppercase,
smallercase, numbers, special-characters.

Is there a way to enforce all 4 properties. I donot want to install
third-party software

I have read about customising passfilt.dll . Is that recommended. Does
MS provide a customised passfilt.dll for download and install.

Are there any support issues if I go for something like this ?

All mail to and from this domain is GFI-scanned.

[ reply ]

Re: Password complexity - improvement Aug 15 2007 06:39PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (4 replies)

Re: Password complexity - improvement Aug 24 2007 09:53PM
Chris Barber (cmbarber gmail com)

RE: Password complexity - improvement Aug 16 2007 09:00PM
Adrian Marsden (amarsden jvsdet org)

RE: Password complexity - improvement Aug 16 2007 04:32PM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)

Re: Password complexity - improvement Aug 16 2007 09:09PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)

RE: Password complexity - improvement Aug 16 2007 06:50PM
Devin Ganger (DevinG 3sharp com) (1 replies)

RE: Password complexity - improvement (correction) Aug 17 2007 09:29PM
James D. Stallard (james leafgrove com)

RE: Password complexity - improvement Aug 15 2007 10:53PM
Adrian Marsden (amarsden jvsdet org) (1 replies)

Re: Password complexity - improvement Aug 16 2007 03:39PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)

RE: Password complexity - improvement Aug 15 2007 06:12PM
Kunz, Jeffrey T. (JKunz foley com)

SV: Password complexity - improvement Aug 15 2007 05:55PM
Per Thorsheim (putilutt online no)

RE: Password complexity - improvement Aug 15 2007 04:25PM
Bean, John (DSHS) (BeanWj dshs wa gov) (1 replies)

RE: Password complexity - improvement Aug 15 2007 08:44PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)

RE: Password complexity - improvement Aug 16 2007 05:16PM
James D. Stallard (james leafgrove com) (1 replies)

Re: Password complexity - improvement Aug 16 2007 05:49PM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)