Focus on Microsoft
AD Password complexity - passwords too long? May 19 2009 04:32PM
dgonzalez itpro gmail com (6 replies)
Re: AD Password complexity - passwords too long? May 20 2009 02:40AM
Torsten Pihl (thorgolucky gmail com) (1 replies)
RE: AD Password complexity - passwords too long? May 20 2009 06:43PM
Jason Hurst (Jason Hurst PandaRG com) (1 replies)
Re: AD Password complexity - passwords too long? May 20 2009 10:20PM
Anthony Petito (anthonypetito gmail com)
Re: AD Password complexity - passwords too long? May 20 2009 12:30AM
ews (ews tellurian net) (2 replies)
RE: AD Password complexity - passwords too long? May 22 2009 09:08PM
Quark IT - Hilton Travis (Hilton QuarkIT com au)
Re: AD Password complexity - passwords too long? May 20 2009 07:58PM
Ansgar Wiechers (bugtraq planetcobalt net)
RE: AD Password complexity - passwords too long? May 19 2009 06:11PM
Cruz, Dariel (dcruz gableseng com) (1 replies)
Re: AD Password complexity - passwords too long? May 20 2009 02:32AM
Anthony Petito (anthonypetito gmail com)
RE: AD Password complexity - passwords too long? May 19 2009 05:50PM
Brian K. Dore (bkd louisiana edu) (3 replies)
Re: AD Password complexity - passwords too long? May 19 2009 06:30PM
Anthony Petito (anthonypetito gmail com)
Re: AD Password complexity - passwords too long? May 19 2009 06:26PM
Anthony Petito (anthonypetito gmail com)
Re: AD Password complexity - passwords too long? May 19 2009 06:06PM
DG Gmail (dgonzalez itpro gmail com) (2 replies)
RE: AD Password complexity - passwords too long? May 22 2009 09:05PM
Quark IT - Hilton Travis (Hilton QuarkIT com au)
RE: AD Password complexity - passwords too long? May 20 2009 04:09PM
Lee Clemens (security leeclemens net)
RE: AD Password complexity - passwords too long? May 19 2009 05:19PM
Lucas, Mark J (mjlucas caltech edu)
For a Windows 2003 domain in native mode, the limit is either 128 or
256, I forget which. My administrator password is routinely over 20
characters and I do not have a problem. It is unlikely that you will
have end users with passwords reaching the character limit simply
because it's a pain to type that many characters just to get into a
machine. I wouldn't set a minimum password length less than 8
characters. A password over 15 characters cannot be used for LM or NTLM
authentication. NTLMv2 authentication must be used for these longer
passwords and therefore can be a problem on some older Unix/Linux SMB
servers.

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
[mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of dgonzalez.itpro (at) gmail (dot) com [email concealed]
> Sent: Tuesday, May 19, 2009 9:32 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: AD Password complexity - passwords too long?
>
> Hello list,
>
> We have password complexities set on our domain; minimum password
length
> is 8 and all XP users and Windows 2003 servers.
>
> I can set my password to 9-10 characters, but if I try to set it for
10+
> characters, they get the error message that they do not meet the
> complexity requirements.
>
> I have searched Microsoft documentation, and find minimum length
> requirements. I think I saw something about 28 characters, and even
127
> characters.
>
> Does anyone know if there is a max password length?
>
> We would like to keep the minimum 8 characters, and the maximum varied
at
> the users discretion. Can this be done?
>
>
> Thanks

[ reply ]
RE: AD Password complexity - passwords too long? May 19 2009 05:17PM
Dave Doeppel (doeppel idealab com)


 

Privacy Statement
Copyright 2010, SecurityFocus