Password complexity is far less interesting than password length and the math proves it:
The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3 http://www.microsoft.com/technet/security/secnews/articles/itproviewpoin t091004.mspx The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3 http://www.microsoft.com/technet/security/secnews/articles/itproviewpoin t100504.mspx The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3 http://www.microsoft.com/technet/security/secnews/articles/itproviewpoin t110104.mspx Also take a look at the "Understanding Password Complexity" section of the Account Lockouts Best Practices Whitepaper: Account Lockout Best Practices Whitepaper http://www.microsoft.com/downloads/details.aspx?FamilyID=8c8e0d90-a13b-4 977-a4fc-3e2b67e3748e Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai Sent: Tuesday, August 14, 2007 11:15 PM To: [email protected] Subject: Password complexity - improvement Is there a way to improve the password complexity requirements in Windows 2000/2003 servers The default will enforce 3 of the following 4 properties - Uppercase, smallercase, numbers, special-characters. Is there a way to enforce all 4 properties. I donot want to install third-party software I have read about customising passfilt.dll . Is that recommended. Does MS provide a customised passfilt.dll for download and install. Are there any support issues if I go for something like this ? All mail to and from this domain is GFI-scanned.
