WinNT passwords are no less vulnerable to attack than other OS. The
password policy you described, with the addition not to use ordinary words
with a number or special charater at the start or end of the word, and
mandatory changes every 90 days is appropriate unless you do not believe
your information systems are crucial to your business.
Raymond Harris
Information Systems Audit Manager
Air Force Audit
-----Original Message-----
Date: Fri, 07 Apr 2000 12:06:55 -0400
From: Mailing Lists <[EMAIL PROTECTED]>
Subject: WinNT Passwords Policy
Hi all,
I'd like to have your opinion and personal experience regarding what policy
to implement when dealing with passwords on a pure Windows Network (Windows
98, Windows NT 4 workstation and servers, Windows NT 2000 professional and
server). The NT domain is based on a NT Server 4 SP5, and the users get
mail from MS Exchange 5.5 SP3.
At my old job, whe had a mix environment of WinNT, Linux and Suns, so the
policy was to have a password of at least 8 characters long, containing
upper and lower case letters, numbers and one of those:
:;().,<>!@#$%^&*-_=+
I just want your opinion as to know if in a pure NT environment, I need to
have something that strict, or I can loosen it up a little and keep the
same strenght.
What is your opinion and what do you use/recommend in that matter?
Thanks!
-+-
Mario Biron, CCA, System Administrator
DNRC Title: Official and Proud Sponsor of the Y2K Problem
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
