The policy below is an example only, and may not be strong enough for your
needs. It is up to each customer to determine how strong is strong enough.
This example policy can be made stronger by increasing the required length
or diversity of types of characters in the password, and the frequency with
which the password must be changed.
- Your password must contain characters from at
  least three of the following four classes:

  Description | Examples
  1. English Upper Case Letters | A, B, C, ... Z
  2. English Lower Case Letters | a, b, c, ... z
  3. Westernized Arabic Numerals | 0, 1, 2, ... 9
  4. Non-alphanumeric ("special characters"). For example, punctuation, symbols. | ({}[],.<>;:'"?/|\`~!@#$%^&*()_-+=)
- Your password must be at least six characters long.
For stronger security, choose longer passwords with characters from all
four classes.
- Your password may not contain your e-mail name
or any part of your full name.
- Your password should be changed every 45 days.
- Your new passwords should never be the same as
any of your last eight passwords.
- Your password should not be a "common" word (for
example, it should not be a word in the dictionary or slang in common
use). Your password should not contain words from any language, because
numerous password-cracking programs exist that can run through millions
of possible word combinations in seconds.
- A complex password that cannot be broken is useless if you
cannot remember it. For security to function, you must choose a password
that is complex yet one you can remember. For example, Msi5!YOld (My Son is 5
years old) or IhliCf5#yN (I have lived in California for 5 years now).
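
The mechanically checkable rules of this example policy (length, three of four classes, name exclusion, eight-password history) can be expressed as a validator; the following is an added example, not Microsoft's code or the Windows NT password filter. The function names, the three-character minimum for a name "part", and the PBKDF2-hashed history format are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 6        # minimum length from the policy
MIN_CLASSES = 3       # at least three of the four classes
HISTORY_DEPTH = 8     # last eight passwords may not be reused
SPECIALS = set(string.punctuation)  # ASCII punctuation and symbols

def hash_password(password, salt=None):
    """Return (salt, digest) so history is kept without plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def class_count(password):
    """Count how many of the four character classes appear."""
    return sum([
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in SPECIALS for c in password),
    ])

def check_password(password, email_name, full_name, history=()):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if class_count(password) < MIN_CLASSES:
        problems.append("fewer than three character classes")
    lowered = password.lower()
    # Assumption: a "part" of the full name is any whitespace-separated
    # token of three or more characters, matched case-insensitively.
    tokens = [email_name] + full_name.split()
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        problems.append("contains e-mail name or part of full name")
    # Only the most recent HISTORY_DEPTH entries are compared.
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches one of the last eight passwords")
            break
    return problems
```

The 45-day change interval and the dictionary-word rule are not covered here; they need an account timestamp and a word list respectively.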
Microsoft also provides a number of resources and tools for implementing strong passwords.
- To implement complex password rules, Windows NT® customers can use
PASSPROP, the strong password tool that is included in the Windows NT
4.0 Resource Kit. Windows NT users should use the User Manager to
enforce the minimum required password length.
- Windows NT customers can use the password filter that enforces
strong passwords. This is discussed in the Knowledge Base article Q161990.
- Windows NT customers can craft their own password policy. Sample code and
information are available from
the Microsoft Technical Support Web site.
Last Updated: Friday, May 18, 2001