Focus on Microsoft
AD Password complexity - passwords too long? May 19 2009 04:32PM
dgonzalez itpro gmail com (6 replies)
Re: AD Password complexity - passwords too long? May 20 2009 02:40AM
Torsten Pihl (thorgolucky gmail com) (1 replies)
RE: AD Password complexity - passwords too long? May 20 2009 06:43PM
Jason Hurst (Jason Hurst PandaRG com) (1 replies)
Re: AD Password complexity - passwords too long? May 20 2009 10:20PM
Anthony Petito (anthonypetito gmail com)
Re: AD Password complexity - passwords too long? May 20 2009 12:30AM
ews (ews tellurian net) (2 replies)
RE: AD Password complexity - passwords too long? May 22 2009 09:08PM
Quark IT - Hilton Travis (Hilton QuarkIT com au)
Re: AD Password complexity - passwords too long? May 20 2009 07:58PM
Ansgar Wiechers (bugtraq planetcobalt net)
RE: AD Password complexity - passwords too long? May 19 2009 06:11PM
Cruz, Dariel (dcruz gableseng com) (1 replies)
Re: AD Password complexity - passwords too long? May 20 2009 02:32AM
Anthony Petito (anthonypetito gmail com)
RE: AD Password complexity - passwords too long? May 19 2009 05:50PM
Brian K. Dore (bkd louisiana edu) (3 replies)
Re: AD Password complexity - passwords too long? May 19 2009 06:30PM
Anthony Petito (anthonypetito gmail com)
Re: AD Password complexity - passwords too long? May 19 2009 06:26PM
Anthony Petito (anthonypetito gmail com)
Re: AD Password complexity - passwords too long? May 19 2009 06:06PM
DG Gmail (dgonzalez itpro gmail com) (2 replies)
RE: AD Password complexity - passwords too long? May 22 2009 09:05PM
Quark IT - Hilton Travis (Hilton QuarkIT com au)
G'day Daniel,

We never recommend that clients use passwords, but passphrases. This way, by including proper case and punctuation, you've automatically complied with the complexity requirements and you've surpassed 14 characters - we suggest a sentence such as "At 3.00 on Friday I need to collect the kids from school." But using a sentence that isn't actually true (ie, this is a great example for a childless employee).

So, with our clients, we've pretty much *all* got passwords that far exceed 10 characters, and for that matter, we set the min password length to 12 on all sites (mainly because with SBS 2003, the SharePoint integration would break if the min password was longer than 12, however using 25+ char passwords works fine - it is the min password length setting that bOrks this integration).

--

http://hiltont.blogspot.com/

Regards,

Hilton Travis Phone: +61 (0)7 3105 9101
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://www.quarkgroup.com.au

Microsoft SBSC PAL (Australia) http://www.sbscpal.com/

War doesn't determine who is right. War determines who is left.

> -----Original Message-----
> On Behalf Of DG Gmail
> Sent: Wednesday, 20 May 2009 04:06
>
> Thank for the replies all...
>
> I have done the test below and still didn't work. I
> check to make sure domain GPO's were being applied, and
> they are.
>
> As I mentioned minimum password length is 8 characters.
>
> If my password is Myp@sw0rd (as you can see its actually
> 9) it works ok, but if I try to use Myp@sw0rd1sthis it
> does now work. It will not allow me to change it.
>
> I have also check the other requirements ( history,
> username in password, etc...)
>
> Could there be a restriction as far as using a special
> character more than once?
>
> I have seen the documentaion that states otherwise, but
> anything longer than 9-10 characters fails.
>
> *shrug*
>
> Daniel
>
>
>
> ----- Original Message -----
> From: "Brian K. Dore" <bkd (at) louisiana (dot) edu [email concealed]>
> Sent: Tuesday, May 19, 2009 10:50 AM
>
> > AD allows 127 characters. I have (progmatically) set
> > passwords up to this length. Win9x were limited to 14
> > IIRC. Some people may have incorrectly assumed that the
> > AD limit is based on the length of the password field in
> > the interactive dialog box which is something like 28
> > characters or so, but scrolls when that size is exceeded.
> > That may explain the erroneous documentation. Try
> > setting a password to something straightforward for
> > testing like A1aaaaaaaaaaaaaaaaaa and verify if it's a
> > length issue or something else.
> >
> > Brian
> >
> >
> >
> > -----Original Message-----
> > On Behalf Of dgonzalez.itpro (at) gmail (dot) com [email concealed]
> > Sent: Tuesday, May 19, 2009 11:32 AM
> >
> > Hello list,
> >
> > We have password complexities set on our domain; minimum
> > password length is 8 and all XP users and Windows 2003
> > servers.
> >
> > I can set my password to 9-10 characters, but if I try
> > to set it for 10+ characters, they get the error message
> > that they do not meet the complexity requirements.
> >
> > I have searched Microsoft documentation, and find
> > minimum length requirements. I think I saw something
> > about 28 characters, and even 127 characters.
> >
> > Does anyone know if there is a max password length?
> >
> > We would like to keep the minimum 8 characters, and the
> > maximum varied at the users discretion. Can this be
> > done?
> >
> >
> > Thanks

This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which
must not be disclosed or distributed without prior approval.

Quark Group Pty Ltd :: ABN 23 114 975 772
Trading As Quark AudioVisual, Quark Automation, Quark IT

[ reply ]
RE: AD Password complexity - passwords too long? May 20 2009 04:09PM
Lee Clemens (security leeclemens net)
RE: AD Password complexity - passwords too long? May 19 2009 05:19PM
Lucas, Mark J (mjlucas caltech edu)
RE: AD Password complexity - passwords too long? May 19 2009 05:17PM
Dave Doeppel (doeppel idealab com)


 

Privacy Statement
Copyright 2010, SecurityFocus