Archived from groups: microsoft.public.win2000.general
Jerold Schulman wrote:
> On Fri, 18 Mar 2005 10:52:50 -0500, "B Williams" <willdrama@hotmail.com> wrote:
>
>
>>I have a standalone Windows 2000 machine SP4 that I am trying to set up a
>>password policy to not allow blank passwords. I went into local security
>>policy and set minimum password length to 8 and that works when I try to
>>create a user with a blank password using computer management, but if I
>>create a user from user accounts in control panel it allows me to create the
>>user with no password. How can I restrict users with a blank password?
>>Thanks in advance.
>>
>
> Set password must meet complexity requirements.
>
> The password supplied does not meet the minimum complexity requirements. Please select another password that meets all of the following criteria:
> is at least x characters;
> has not been used in the previous x passwords;
> does not contain your account or full name;
> contains at least three of the following four character groups:
>
> English uppercase characters (A through Z);
> English lowercase characters (a through z);
> Numerals (0 through 9);
> Non-alphabetic characters (such as !, $, #, %)

Password complexity depends on what the threats are. If someone might
be looking over your shoulder, you need uppercase and lowercase. Most
people can't hold more than 6 or 7 items in short-term memory ("Miller's
Number"). If there is a chance that somebody can do packet sniffing
and intercept packets holding passwords, you need encryption. If there
is a high bandwidth path to your machine such that many passwords can be
tried in a short time, a "dictionary" attack is a possibility and you
don't want ordinary words as passwords. If somebody knows you well,
they might know your wife's name, etc. FWIW, I once guessed a guy's
password (gdbagbag) because he was an organist and these were the first
notes of a well-known piece!
The other extreme is when you work in a secure environment. Only
cleared equipment, networks and people are present. So no passwords are
needed! Physical security is always the best!
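
The criteria listed in the quoted policy message, written out as a check. This is an added example, not part of the original thread and not Windows' own implementation. The function name, the name-matching rule, the plaintext history list and the sample account are assumptions made for the illustration.

```python
import string

def complexity_failures(password, account, full_name, history=(), min_length=8):
    """Return which of the criteria from the policy message a password fails."""
    failures = []
    if len(password) < min_length:
        failures.append("length")
    # Assumption: history is a plain list of earlier passwords, for illustration only.
    if password in history:
        failures.append("history")
    # Assumption: case-insensitive substring match on the account name and on
    # each whitespace-separated part of the full name that is 3+ characters long.
    lowered = password.lower()
    names = [account] + full_name.split()
    if any(len(n) >= 3 and n.lower() in lowered for n in names):
        failures.append("name")
    # The four character groups from the message; at least three must be present.
    groups = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(groups) < 3:
        failures.append("groups")
    return failures

if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    account, full_name = "jdoe", "Jane Doe"
    for candidate in ["", "gdbagbag", "Gdbagbag1", "JaneDoe#2005"]:
        result = complexity_failures(candidate, account, full_name)
        print(repr(candidate), "->", result or "accepted")
```

A blank password fails both the length and the character-group criteria, while the eight-letter all-lowercase password mentioned in the reply satisfies a minimum length of 8 and fails only the character-group criterion.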