It really depends on what type of group policy you set. On an interesting note - I just attended the Microsoft Security Strategies Road Show this week and the topic of passwords vs. passphrases was brought up. If you are willing to implement the policy - if you force your users to use a minimum 15 character password/passphrase (i.e. my dog has fleas, which is 16 including spaces - remember with Windows you can use spaces in passwords) you can have them never be forced to change their password, not use lockouts after X bad attempts and still have just over 1,677,259,342,285,725,925,376 different possibilities. Meaning even with a brute force attack - it would conceivably take thousands of years to crack a password.

- Minimum of 15 characters means no LMHash created
- 15 lowercase letters = 1,677,259,342,285,725,925,376 possibilities
- Try a million a second, it'll take 531,855 centuries (credited to Mark Minasi)

Just a little idea they threw out there.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.

Hi Folks,

I apologize for the question since I think it has been battered around in one form or another but I can't seem to find the answer. The question: a related company root admin wants to see a password expiration length time on a W2K domain. He is worried that everyone's password will expire at the same time. Correct or incorrect?

TIA!

Mike Thommes
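
The arithmetic quoted in the reply above, as an added example that is not part of the original thread: it reproduces the 15-lowercase-letter figures at "a million a second" and sets them beside a 14-letter password that still has an LM hash stored. The function names are made up for illustration, and the LM detail (case folded, two 7-character halves hashed separately) is background that the thread does not spell out.

```python
# Added illustration; the figures for 15 lowercase letters come from the thread.
# Background assumption (not stated in the thread): an LM hash upper-cases the
# password, pads it to 14 bytes and hashes two 7-character halves separately.

SECONDS_PER_CENTURY = 100 * 365 * 24 * 3600  # 365-day years match the quoted figure


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def lm_worst_case_guesses(folded_alphabet_size: int, length: int) -> int:
    """Guesses needed to exhaust a password that is stored as an LM hash.

    `folded_alphabet_size` must count letters once, because LM folds case.
    The halves are attacked independently, so the costs add, not multiply.
    """
    if length > 14:
        raise ValueError("passwords longer than 14 characters get no LM hash")
    first = min(length, 7)
    second = length - first
    guesses = keyspace(folded_alphabet_size, first)
    if second:  # an empty second half hashes to a fixed, recognisable value
        guesses += keyspace(folded_alphabet_size, second)
    return guesses


def seconds_to_exhaust(guesses: int, rate_per_second: int) -> int:
    return guesses // rate_per_second


def centuries_to_exhaust(guesses: int, rate_per_second: int) -> int:
    return seconds_to_exhaust(guesses, rate_per_second) // SECONDS_PER_CENTURY


if __name__ == "__main__":
    rate = 10 ** 6  # "a million a second", as in the thread
    lm14 = lm_worst_case_guesses(26, 14)
    full15 = keyspace(26, 15)
    print(f"14 lowercase letters, LM hash stored: {lm14:,} guesses, "
          f"about {seconds_to_exhaust(lm14, rate) / 3600:.1f} hours")
    print(f"15 lowercase letters, no LM hash:     {full15:,} guesses, "
          f"about {centuries_to_exhaust(full15, rate):,} centuries")
```

The one-character step from 14 to 15 matters far more than the extra factor of 26 suggests, because it is the point at which the weaker stored form disappears.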