Here you go.
1) Minumum of 10 characters (NT supports up to 14)
2) Must contain at least one Capitalized letter, one lower case letter and one
digit
(and if you want, one of ":;().,<>!@#$%^&*-_=+"
3) Must not be similar to previous password
4) Can not be any of the last 15 passwords
5) Can not resemble the user ID
6) Every user gets their own unique ID
7) No shared ID's
That's about it.
--------------------------------------------------------------------------------
Jerry T. Kendall, CISSP Celestica International Inc.
Manager, Worldwide Information Security 12 Concorde Place, 7th Floor
Corporate Information Security Toronto, Ontario, M3C 3R8, CANADA
http://www.celestica.com Tel: +1.416.386.7739
[EMAIL PROTECTED] Fax: +1.416.386.7707
--------------------------------------------------------------------------------
Mailing Lists <[EMAIL PROTECTED]> on 04/07/2000 12:06:55 PM
To: [EMAIL PROTECTED],
[EMAIL PROTECTED]
cc: (bcc: Jerry Kendall/Inc/Celestica)
Subject: WinNT Passwords Policy
Hi all,
I'd like to have your opinion and personal experience regarding what policy
to implement when dealing with passwords on a pure Windows Network (Windows
98, Windows NT 4 workstation and servers, Windows NT 2000 professional and
server). The NT domain is based on a NT Server 4 SP5, and the users get
mail from MS Exchange 5.5 SP3.
At my old job, whe had a mix environment of WinNT, Linux and Suns, so the
policy was to have a password of at least 8 characters long, containing
upper and lower case letters, numbers and one of those:
:;().,<>!@#$%^&*-_=+
I just want your opinion as to know if in a pure NT environment, I need to
have something that strict, or I can loosen it up a little and keep the
same strenght.
What is your opinion and what do you use/recommend in that matter?
Thanks!
-+-
Mario Biron, CCA, System Administrator
DNRC Title: Official and Proud Sponsor of the Y2K Problem
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
att1.eml
